Author Topic: Help!  (Read 1178 times)

Offline ___

« Reply #20 on: December 21, 2008, 02:10:45 PM »
Ok, thanks for the help thus far. =Þ

Offline ___

« Reply #21 on: December 21, 2008, 04:45:44 PM »
3 hours 24 minutes and still scanning... still on Temporary Internet Files. I'm getting a lot of Internet Explorer popups; hopefully once MalwareBytes is finished they will stop.

Offline guestolo

« Reply #22 on: December 21, 2008, 04:52:42 PM »
Do the following: PAUSE the scan in Malwarebytes for now; don't choose Abort.

Download ATF Cleaner by Atribune.

      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Back in Malwarebytes' Anti-Malware, resume the scan.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ___

« Reply #23 on: December 21, 2008, 04:58:27 PM »
Did that ^. Scan is resumed now.
Sped the scan up A LOT! Here is the log:

I got a Vundo. -.-

Malwarebytes' Anti-Malware 1.30
Database version: 1366
Windows 5.1.2600 Service Pack 3

12/21/2008 4:04:35 PM
mbam-log-2008-12-21 (16-04-35).txt

Scan type: Quick Scan
Objects scanned: 68861
Time elapsed: 3 hour(s), 40 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 15
Registry Values Infected: 8
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
C:\Documents and Settings\Garrett's Account\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\efccBRhg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xaxfdsgg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMdCrpn.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8051487-9e72-4330-bfe8-da6aaf2050de} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b8051487-9e72-4330-bfe8-da6aaf2050de} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8051487-9e72-4330-bfe8-da6aaf2050de} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomdcrpn (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0027b6eb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efccbrhg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efccbrhg  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Garrett's Account\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\efccBRhg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ghRBccfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghRBccfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xaxfdsgg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ggsdfxax.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdCrpn.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Garrett's Account\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Garrett's Account\Local Settings\temp\winloggn.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Garrett's Account\Local Settings\temp\csrssc.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\awtSMgef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Garrett's Account\Local Settings\temp\TDSSf6ad.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqxnr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSwgod.log (Trojan.TDSS) -> Quarantined and deleted successfully.
« Last Edit: December 21, 2008, 05:05:17 PM by i w1sh i was rich »
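
The log above mixes items Malwarebytes removed immediately with items marked "Delete on reboot", which is why the next question in the thread is whether the machine was rebooted. The following parser is an added example written for this page, not part of the original post and not Malwarebytes' own code; it reads the log layout shown above (a section header ending in "Infected:", then one entry per line in the form `item (Threat) -> action`), separates the registry-data detail from the final action, and lists what is still pending a reboot. The sample input is a constructed subset of the lines from the post.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the Malwarebytes log posted
# above, in the same layout the tool writes (section header, then one entry per line).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.30
Database version: 1366
Scan type: Quick Scan
Time elapsed: 3 hour(s), 40 minute(s), 46 second(s)

Memory Modules Infected: 1
Files Infected: 2

Memory Modules Infected:
C:\WINDOWS\system32\efccBRhg.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efccbrhg  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\TDSSqxnr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Delete on reboot.
"""

# A section header is "<Name> Infected:" with nothing after the colon; the summary
# block near the top ("Files Infected: 2") has a count after it and is skipped.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# item (Threat.Name) -> rest   (rest may contain a further "-> action")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[A-Za-z0-9.]+)\) -> (?P<rest>.+?)\.?$")


def parse_mbam_log(text):
    """Return {section: [finding, ...]}; each finding has item, threat, detail, action."""
    findings = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None:
            continue  # still in the header/summary block
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        # The action is always the text after the last arrow; anything before it
        # is extra detail (registry data, Bad/Good values).
        if "->" in rest:
            detail, _, action = rest.rpartition("->")
            detail = detail.strip()
            if detail.startswith("Data:"):
                detail = detail[len("Data:"):].strip()
        else:
            detail, action = "", rest
        findings[section].append({
            "item": m.group("item"),
            "threat": m.group("threat"),
            "detail": detail,
            "action": action.strip(),
        })
    return dict(findings)


def pending_reboot(findings):
    """Items MBAM could not remove on the live system; they are only deleted on reboot."""
    return [f["item"] for items in findings.values() for f in items
            if f["action"] == "Delete on reboot"]


def summarize(findings):
    """Per-section counts, comparable to the summary block at the top of the log."""
    return {section: len(items) for section, items in findings.items()}


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for section, count in summarize(parsed).items():
        print(f"{section}: {count}")
    print("Still pending reboot:")
    for item in pending_reboot(parsed):
        print("  " + item)
```

Run against a full mbam-log file the same way; anything `pending_reboot` returns should be checked again after the restart, since the files are still on disk until then.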

Offline guestolo

« Reply #24 on: December 21, 2008, 05:06:25 PM »
Did you reboot the computer?

Offline ___

« Reply #25 on: December 21, 2008, 05:13:34 PM »
Rebooted now. Do you need a new HijackThis log?

Offline guestolo

« Reply #26 on: December 21, 2008, 05:15:50 PM »
Yes please, post a fresh HijackThis log.
Let's see what we're left with.

Offline ___

« Reply #27 on: December 21, 2008, 05:16:50 PM »
Edit: Now Norton is telling me I have no virus protection.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:20 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: {9d1254b4-f4dc-d05a-8c34-cd534a178638} - {836871a4-35dc-43c8-a50d-cd4f4b4521d9} - C:\WINDOWS\system32\ovryyh.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: ovryyh.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8996 bytes
« Last Edit: December 21, 2008, 05:19:05 PM by i w1sh i was rich »
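
Two lines in the HijackThis log above are what a helper scans for first: the O2 BHO whose "name" is itself a GUID and whose DLL sits in system32 (`ovryyh.dll`), and the O20 AppInit_DLLs entry naming the same DLL, which is loaded into every process that links user32.dll. The script below is an added example written for this page, not part of the thread and not HijackThis's own code; it parses the O2/O4/O20 line formats shown above and flags the heuristics a reviewer applies by eye. The sample input copies lines from the posted log plus one made-up O4 entry (the `[example]` line) so the temp-directory check is exercised; the flagged reasons are assumptions stated as review heuristics, not detections from any tool.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above, plus one
# made-up O4 line ("[example]") so the temp-directory check runs on something.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {9d1254b4-f4dc-d05a-8c34-cd534a178638} - {836871a4-35dc-43c8-a50d-cd4f4b4521d9} - C:\WINDOWS\system32\ovryyh.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [example] C:\Documents and Settings\User\Local Settings\temp\example.exe
O20 - AppInit_DLLs: ovryyh.dll
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
"""

GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


def triage_hjt(text):
    """Return a list of (line_type, target, reason) for entries worth a second look."""
    findings = []
    appinit_dlls = set()
    bho_paths = []
    for line in text.splitlines():
        line = line.strip()
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that links user32.dll; a
            # non-empty value naming an unknown DLL is a persistence point, not a feature.
            for dll in re.split(r"[,\s]+", m.group("dlls")):
                if dll:
                    appinit_dlls.add(dll.lower())
                    findings.append(("O20", dll, "DLL injected into every process via AppInit_DLLs"))
            continue
        m = BHO_RE.match(line)
        if m:
            name, path = m.group("name").strip(), m.group("path").strip()
            bho_paths.append(path)
            # Legitimate BHOs carry a product name; a GUID or blank where the name
            # should be means the registration was not made by a normal installer.
            if not name or GUID_RE.match(name):
                findings.append(("O2", path, "BHO registered without a human-readable name"))
            # Vendor BHOs live under Program Files; a bare DLL in system32 is a red flag.
            if path.lower().startswith(r"c:\windows\system32"):
                findings.append(("O2", path, "BHO DLL lives in system32 instead of under Program Files"))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            low = cmd.lower()
            if r"\local settings\temp" in low or r"\temporary internet files" in low:
                findings.append(("O4", cmd, "autorun entry executes from a temp directory"))
    # Cross-reference: the same DLL as a BHO and in AppInit_DLLs means it is still
    # loaded into the browser even if only one of the two hooks is removed.
    for path in bho_paths:
        if path.rsplit("\\", 1)[-1].lower() in appinit_dlls:
            findings.append(("O2+O20", path, "same DLL appears as a BHO and in AppInit_DLLs"))
    return findings


if __name__ == "__main__":
    for kind, target, reason in triage_hjt(SAMPLE_HJT):
        print(f"{kind:7} {reason}: {target}")
```

The heuristics are deliberately narrow; a clean hit list from this script is not a clean machine, it only tells you which lines to look at first. Feed it the whole hijackthis.log and compare the O2/O20 hits against what ComboFix or MBAM report removed.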

Offline guestolo

« Reply #28 on: December 21, 2008, 05:24:50 PM »
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily disable your AntiVirus, AntiSpyware and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.
It's important that you refrain from using this computer until we have finished with this scanner.
This includes open Web browsers, etc.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will run again on startup, it will prompt that it's creating a log
This process could take up to 15 minutes, let it run uninterrupted please

Offline ___

« Reply #29 on: December 21, 2008, 07:09:06 PM »
Sorry for the delay, here is the log.
ComboFix 08-12-21.02 - Garrett's Account 2008-12-21 16:34:35.8 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.959.364 [GMT -6:00]
Running from: c:\documents and settings\Garrett's Account\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Garrett's Account\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\ovryyh.dll
c:\windows\system32\TDSSmupe.dat
c:\windows\system32\yixweplm.dll
D:\resycled
d:\resycled\boot.com

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


(((((((((((((((((((((((((   Files Created from 2008-11-21 to 2008-12-21  )))))))))))))))))))))))))))))))
.

2008-12-21 12:48 . 2008-12-21 12:48   <DIR>   d--------   C:\Sandbox
2008-12-21 12:48 . 2008-12-21 16:06   1,384   --a------   c:\windows\Sandboxie.ini
2008-12-21 12:47 . 2008-12-21 12:47   <DIR>   d--------   c:\program files\Sandboxie
2008-12-20 22:13 . 2008-12-20 22:13   57,856   --a------   c:\windows\system32\tuvSLEVm.dll
2008-12-20 22:07 . 2008-12-20 22:07   57,856   --a------   c:\windows\system32\vtUmMeDV.dll
2008-12-19 23:35 . 2008-12-19 23:35   <DIR>   d--------   c:\program files\Ventrilo
2008-12-19 23:35 . 2008-12-19 23:36   <DIR>   d--------   c:\documents and settings\Garrett's Account\Application Data\Ventrilo
2008-12-19 23:35 . 2008-12-19 23:35   262   --a------   c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-18 23:54 . 2008-12-20 15:17   <DIR>   d--------   c:\program files\Norton Security Scan
2008-12-18 20:32 . 2008-12-18 20:54   <DIR>   d--------   c:\windows\system32\Adobe
2008-12-04 22:22 . 2008-12-04 22:22   <DIR>   dr-h-----   C:\AHCache
2008-12-01 16:10 . 2008-12-05 16:57   410,984   --a------   c:\windows\system32\deploytk.dll
2008-11-21 21:20 . 2008-11-21 21:20   <DIR>   d--------   c:\documents and settings\Garrett's Account\Application Data\Subversion
2008-11-21 21:19 . 2008-11-21 21:19   <DIR>   d--------   c:\program files\SCAR 3.15
2008-11-21 21:14 . 2008-11-21 21:14   <DIR>   d--------   c:\program files\Subversion

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 22:21   31   ----a-w   c:\documents and settings\Garrett's Account\jagex_runescape_preferences.dat
2008-12-20 21:22   ---------   d-----w   c:\program files\Common Files\Symantec Shared
2008-12-20 05:34   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:47   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\FrostWire
2008-12-05 22:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 22:57   ---------   d-----w   c:\program files\Sun
2008-12-05 22:57   ---------   d-----w   c:\program files\Java
2008-11-07 23:04   ---------   d-----w   c:\program files\Canon
2008-11-04 22:23   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-11-04 22:23   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\Malwarebytes
2008-11-04 22:23   ---------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 18:56   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 22:10   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:10   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2003-03-18 01:27   307,904   -c--a-w   c:\windows\inf\wg311nd5.sys
.

(((((((((((((((((((((((((((((   snapshot_2008-11-04_22.42.25.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 09:07:23   135,168   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15   512,000   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16   180,224   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16   172,032   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16   430,080   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44   155,648   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17   90,112   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22   17,272   ----a-w   c:\windows\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22   231,288   ----a-w   c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22   26,488   ----a-w   c:\windows\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18   755,576   ----a-w   c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19   382,840   ----a-w   c:\windows\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-09-10 01:10:56   1,379,840   ----a-w   c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22   17,272   ----a-w   c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22   231,288   ----a-w   c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22   26,488   ----a-w   c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22   755,576   ----a-w   c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22   382,840   ----a-w   c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-09-04 17:12:27   1,106,944   ----a-w   c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51   17,272   ----a-w   c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51   231,288   ----a-w   c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51   26,488   ----a-w   c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51   755,576   ----a-w   c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 19:08:38   382,840   ----a-w   c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-23 10:17:49   62,976   ----a-w   c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22   17,272   ----a-w   c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22   231,288   ----a-w   c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22   26,488   ----a-w   c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22   755,576   ----a-w   c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22   382,840   ----a-w   c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42   286,720   ----a-w   c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01   17,272   ----a-w   c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02   231,288   ----a-w   c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01   26,488   ----a-w   c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29   755,576   ----a-w   c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37   382,840   ----a-w   c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-24 11:41:11   455,936   ----a-w   c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01   17,272   ----a-w   c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02   231,288   ----a-w   c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01   26,488   ----a-w   c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04   755,576   ----a-w   c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12   382,840   ----a-w   c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
- 2004-08-04 15:06:34   82,944   -c----w   c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2008-04-14 00:11:59   82,944   -c----w   c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2004-08-04 15:06:34   82,944   -c----w   c:\windows\$NtUninstallKB946648_0$\msgsc.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB946648_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB946648_0$\spuninst\updspapi.dll
- 2006-07-13 08:48:58   202,240   -c----w   c:\windows\$NtUninstallKB950762$\rmcast.sys
+ 2008-04-13 18:55:08   202,624   -c----w   c:\windows\$NtUninstallKB950762$\rmcast.sys
+ 2006-07-13 08:48:58   202,240   -c----w   c:\windows\$NtUninstallKB950762_0$\rmcast.sys
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB950762_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB950762_0$\spuninst\updspapi.dll
- 2005-07-26 04:39:45   243,200   -c----w   c:\windows\$NtUninstallKB950974$\es.dll
+ 2008-04-14 00:11:53   246,272   -c----w   c:\windows\$NtUninstallKB950974$\es.dll
+ 2005-07-26 04:39:45   243,200   -c----w   c:\windows\$NtUninstallKB950974_0$\es.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB950974_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19   382,840   -c----w   c:\windows\$NtUninstallKB950974_0$\spuninst\updspapi.dll
- 2007-08-21 06:15:44   683,520   -c----w   c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2008-04-14 00:11:54   691,712   -c----w   c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2007-08-21 06:15:44   683,520   -c----w   c:\windows\$NtUninstallKB951066_0$\inetcomm.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB951066_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB951066_0$\spuninst\updspapi.dll
- 2008-04-14 11:01:02   272,128   -c----w   c:\windows\$NtUninstallKB951376-v2$\bthport.sys
+ 2008-04-14 12:30:49   272,128   -c----w   c:\windows\$NtUninstallKB951376-v2$\bthport.sys
+ 2008-04-14 11:01:02   272,128   -c----w   c:\windows\$NtUninstallKB951376-v2_0$\bthport.sys
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB951376-v2_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB951376-v2_0$\spuninst\updspapi.dll
+ 2008-04-13 18:46:32   273,024   -c----w   c:\windows\$NtUninstallKB951376$\bthport.sys
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB951376_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB951376_0$\spuninst\updspapi.dll
- 2007-10-29 22:43:03   1,287,680   -c----w   c:\windows\$NtUninstallKB951698$\quartz.dll
+ 2008-04-14 00:12:03   1,288,192   -c----w   c:\windows\$NtUninstallKB951698$\quartz.dll
+ 2007-10-29 22:43:03   1,287,680   -c----w   c:\windows\$NtUninstallKB951698_0$\quartz.dll
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB951698_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB951698_0$\spuninst\updspapi.dll
- 2004-08-04 12:00:00   138,496   -c----w   c:\windows\$NtUninstallKB951748$\afd.sys
+ 2008-04-13 19:19:23   138,112   -c----w   c:\windows\$NtUninstallKB951748$\afd.sys
- 2008-02-20 05:32:43   148,992   -c----w   c:\windows\$NtUninstallKB951748$\dnsapi.dll
+ 2008-04-14 00:11:52   147,968   -c----w   c:\windows\$NtUninstallKB951748$\dnsapi.dll
- 2004-08-04 12:00:00   245,248   -c----w   c:\windows\$NtUninstallKB951748$\mswsock.dll
+ 2008-04-14 00:12:01   245,248   -c----w   c:\windows\$NtUninstallKB951748$\mswsock.dll
- 2007-10-30 17:20:55   360,064   -c----w   c:\windows\$NtUninstallKB951748$\tcpip.sys
+ 2008-04-13 19:20:16   361,344   -c----w   c:\windows\$NtUninstallKB951748$\tcpip.sys
- 2006-08-16 09:37:30   225,664   -c----w   c:\windows\$NtUninstallKB951748$\tcpip6.sys
+ 2008-04-13 19:00:02   225,664   -c----w   c:\windows\$NtUninstallKB951748$\tcpip6.sys
+ 2004-08-04 12:00:00   138,496   -c----w   c:\windows\$NtUninstallKB951748_0$\afd.sys
+ 2008-02-20 05:32:43   148,992   -c----w   c:\windows\$NtUninstallKB951748_0$\dnsapi.dll
+ 2004-08-04 12:00:00   245,248   -c----w   c:\windows\$NtUninstallKB951748_0$\mswsock.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB951748_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19   382,840   -c----w   c:\windows\$NtUninstallKB951748_0$\spuninst\updspapi.dll
+ 2007-10-30 17:20:55   360,064   -c----w   c:\windows\$NtUninstallKB951748_0$\tcpip.sys
+ 2006-08-16 09:37:30   225,664   -c----w   c:\windows\$NtUninstallKB951748_0$\tcpip6.sys
+ 2008-04-14 00:12:15   139,264   -c----w   c:\windows\$NtUninstallKB951978$\cscript.exe
+ 2008-04-14 00:11:56   512,000   -c----w   c:\windows\$NtUninstallKB951978$\jscript.dll
+ 2008-04-14 00:12:05   180,224   -c----w   c:\windows\$NtUninstallKB951978$\scrobj.dll
+ 2008-04-14 00:12:05   172,032   -c----w   c:\windows\$NtUninstallKB951978$\scrrun.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19   382,840   -c----w   c:\windows\$NtUninstallKB951978$\spuninst\updspapi.dll
+ 2008-04-14 00:12:08   434,176   -c----w   c:\windows\$NtUninstallKB951978$\vbscript.dll
+ 2008-04-14 00:12:41   155,648   -c----w   c:\windows\$NtUninstallKB951978$\wscript.exe
+ 2008-04-14 00:12:10   90,112   -c----w   c:\windows\$NtUninstallKB951978$\wshext.dll
- 2004-08-04 12:00:00   331,776   -c----w   c:\windows\$NtUninstallKB952287$\msadce.dll
+ 2008-05-01 14:30:33   331,776   -c----w   c:\windows\$NtUninstallKB952287$\msadce.dll
+ 2004-08-04 12:00:00   331,776   -c----w   c:\windows\$NtUninstallKB952287_0$\msadce.dll
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB952287_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB952287_0$\spuninst\updspapi.dll
- 2005-06-29 01:46:00   74,240   -c----w   c:\windows\$NtUninstallKB952954$\mscms.dll
+ 2008-04-14 00:11:58   73,728   -c----w   c:\windows\$NtUninstallKB952954$\mscms.dll
+ 2005-06-29 01:46:00   74,240   -c----w   c:\windows\$NtUninstallKB952954_0$\mscms.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB952954_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB952954_0$\spuninst\updspapi.dll
- 2008-03-19 09:47:00   1,845,248   -c----w   c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2008-04-13 19:30:10   1,845,632   -c----w   c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB954211_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB954211_0$\spuninst\updspapi.dll
+ 2008-03-19 09:47:00   1,845,248   -c----w   c:\windows\$NtUninstallKB954211_0$\win32k.sys
+ 2008-04-14 00:12:01   1,306,624   -c----w   c:\windows\$NtUninstallKB954459$\msxml6.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll
+ 2008-04-14 00:12:01   1,104,896   -c----w   c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 19:08:38   382,840   -c----w   c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
- 2008-06-20 10:44:38   138,368   -c----w   c:\windows\$NtUninstallKB956803$\afd.sys
+ 2008-06-20 11:40:08   138,496   -c----w   c:\windows\$NtUninstallKB956803$\afd.sys
+ 2008-06-20 10:44:38   138,368   -c----w   c:\windows\$NtUninstallKB956803_0$\afd.sys
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB956803_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB956803_0$\spuninst\updspapi.dll
- 2007-02-28 08:38:55   2,057,600   -c----w   c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2008-04-13 18:31:21   2,065,792   -c----w   c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
- 2007-02-28 09:10:57   2,180,352   -c----w   c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2008-04-13 19:27:53   2,188,928   -c----w   c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-02-28 09:08:48   2,136,064   -c----w   c:\windows\$NtUninstallKB956841_0$\ntkrnlmp.exe
+ 2007-02-28 08:38:55   2,057,600   -c----w   c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
+ 2007-02-28 08:38:57   2,015,744   -c----w   c:\windows\$NtUninstallKB956841_0$\ntkrpamp.exe
+ 2007-02-28 09:10:57   2,180,352   -c----w   c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB956841_0$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37   382,840   -c----w   c:\windows\$NtUninstallKB956841_0$\spuninst\updspapi.dll
- 2006-08-14 10:34:41   332,928   -c----w   c:\windows\$NtUninstallKB957095$\srv.sys
+ 2008-04-13 19:15:11   334,848   -c----w   c:\windows\$NtUninstallKB957095$\srv.sys
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB957095_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB957095_0$\spuninst\updspapi.dll
+ 2006-08-14 10:34:41   332,928   -c----w   c:\windows\$NtUninstallKB957095_0$\srv.sys
+ 2008-04-13 19:17:01   456,576   -c----w   c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02   231,288   -c----w   c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12   382,840   -c----w   c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
- 2006-08-17 12:28:27   332,288   -c----w   c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2008-04-14 00:12:01   337,408   -c----w   c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2006-08-17 12:28:27   332,288   -c----w   c:\windows\$NtUninstallKB958644_0$\netapi32.dll
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB958644_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB958644_0$\spuninst\updspapi.dll
+ 2008-12-21 02:31:00   101,991   ----a-w   c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat
- 2008-11-01 02:44:28   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-12-21 22:20:58   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-11-01 02:44:29   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-21 22:20:58   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
- 2006-10-04 14:05:26   39,424   ------w   c:\windows\AppPatch\acadproc.dll
+ 2008-04-14 00:11:48   39,424   ----a-w   c:\windows\AppPatch\acadproc.dll
- 2004-08-04 12:00:00   1,852,416   ------w   c:\windows\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48   1,852,928   ----a-w   c:\windows\AppPatch\acgenral.dll
- 2004-08-04 12:00:00   450,048   -c----w   c:\windows\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48   451,072   ----a-w   c:\windows\AppPatch\aclayers.dll
- 2004-08-04 12:00:00   137,728   -c----w   c:\windows\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48   141,312   ----a-w   c:\windows\AppPatch\aclua.dll
- 2004-08-04 12:00:00   244,736   -c----w   c:\windows\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48   245,248   ----a-w   c:\windows\AppPatch\acspecfc.dll
- 2004-08-04 12:00:00   116,224   -c----w   c:\windows\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48   116,224   ----a-w   c:\windows\AppPatch\acxtrnal.dll
+ 2008-06-13 11:05:51   272,128   ------w   c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:21:09   455,296   ------w   c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 10:09:26   2,145,280   ------w   c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16   2,066,048   ------w   c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16   2,023,936   ------w   c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02   2,189,184   ------w   c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2007-06-13 10:23:07   1,033,216   ------w   c:\windows\explorer.exe
+ 2008-04-14 00:12:19   1,033,728   ----a-w   c:\windows\explorer.exe
+ 2008-08-26 07:24:28   124,928   -c----w   c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28   347,136   -c----w   c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28   214,528   -c----w   c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28   133,120   -c----w   c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28   63,488   -c----w   c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59   70,656   -c----w   c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28   153,088   -c----w   c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28   230,400   -c----w   c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51   161,792   -c----w   c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28   383,488   -c----w   c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29   384,512   -c----w   c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15   6,066,176   -c----w   c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29   44,544   -c----w   c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29   267,776   -c----w   c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00   13,824   -c----w   c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15   635,848   -c----w   c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30   27,648   -c----w   c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30   459,264   -c----w   c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30   52,224   -c----w   c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32   3,593,216   -c----w   c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30   477,696   -c----w   c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30   193,024   -c----w   c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30   671,232   -c----w   c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30   102,912   -c----w   c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30   44,544   -c----w   c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39   213,216   -c----w   c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51   371,424   -c----w   c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30   105,984   -c----w   c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31   1,159,680   -c----w   c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31   233,472   -c----w   c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31   826,368   -c----w   c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 08:08:40   3,593,216   -c----w   c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39   213,216   -c----w   c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47   371,424   -c----w   c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-12-19 05:54:40   29,184   ----a-r   c:\windows\Installer\{3FADAA19-E595-44CA-A072-58B6B0851768}\Icon3FADAA191.exe
- 2008-01-14 00:56:43   29,926   ----a-r   c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-11-07 22:43:49   29,926   ----a-r   c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-11-13 06:00:51   32,768   ----a-r   c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-16 08:07:41   593,920   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-12-10 06:06:14   593,920   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-10-16 08:07:41   12,288   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-10 06:06:14   12,288   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-16 08:07:41   86,016   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-12-10 06:06:14   86,016   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-16 08:07:40   135,168   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-10 06:06:14   135,168   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-16 08:07:41   11,264   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-10 06:06:14   11,264   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-16 08:07:41   27,136   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-10 06:06:14   27,136   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-16 08:07:41   4,096   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-10 06:06:14   4,096   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-16 08:07:41   794,624   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-10 06:06:14   794,624   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-16 08:07:40   249,856   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-12-10 06:06:14   249,856   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-16 08:07:40   61,440   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-12-10 06:06:14   61,440   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-16 08:07:41   23,040   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-10 06:06:14   23,040   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-16 08:07:40   286,720   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-10 06:06:13   286,720   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-16 08:07:40   409,600   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-10 06:06:13   409,600   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-21 18:45:23   465,882   ----a-w   c:\windows\Installer\SandboxieInstall.exe
- 2004-08-04 12:00:00   38,912   ------w   c:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 00:12:02   38,400   ----a-w   c:\windows\pchealth\helpctr\binaries\pchsvc.dll
- 2004-08-04 12:00:00   194,048   ------w   c:\windows\system32\activeds.dll
+ 2008-04-14 00:11:48   193,536   ----a-w   c:\windows\system32\activeds.dll
- 2004-08-04 12:00:00   101,888   ------w   c:\windows\system32\actxprxy.dll
+ 2008-04-14 00:11:48   98,304   ----a-w   c:\windows\system32\actxprxy.dll
+ 2008-11-24 20:35:00   114,688   ----a-w   c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-11-24 20:43:36   202,168   ----a-w   c:\windows\system32\Adobe\Director\SwDir.dll
+ 2008-11-24 20:35:38   499,712   ----a-w   c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2008-11-24 20:16:06   1,798,144   ----a-w   c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-11-24 20:35:40   9,216   ----a-w   c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-11-24 20:07:38   703,488   ----a-w   c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2008-11-24 20:07:38   1,145,896   ----a-w   c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2008-11-24 20:07:38   52,288   ----a-w   c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-11-24 20:12:14   892,928   ----a-w   c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-12-19 02:53:59   181,624   ----atw   c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
+ 2008-11-24 20:34:18   266,240   ----a-w   c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-11-24 20:36:12   446,464   ----a-w   c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-11-24 20:43:16   460,216   ----a-w   c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103471.exe
+ 2008-11-24 20:34:04   114,688   ----a-w   c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-11-24 20:34:02   94,208   ----a-w   c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-11-24 20:07:38   58,736   ----a-w   c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 16:55:30   149,504   ----a-w   c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2004-08-04 12:00:00   143,360   ------w   c:\windows\system32\adsldpc.dll
+ 2008-04-14 00:11:48   143,360   ----a-w   c:\windows\system32\adsldpc.dll
- 2008-08-26 07:24:28   124,928   ----a-w   c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34   124,928   ----a-w   c:\windows\system32\advpack.dll
- 2004-08-04 12:00:00   44,544   ------w   c:\windows\system32\alg.exe
+ 2008-04-14 00:12:12   44,544   ----a-w   c:\windows\system32\alg.exe
- 2004-08-04 12:00:00   126,976   ------w   c:\windows\system32\apphelp.dll
+ 2008-04-14 00:11:49   125,952   ----a-w   c:\windows\system32\apphelp.dll
- 2004-08-04 12:00:00   58,880   ------w   c:\windows\system32\atl.dll
+ 2008-04-14 00:11:50   58,880   ----a-w   c:\windows\system32\atl.dll
- 2004-08-04 12:00:00   42,496   ------w   c:\windows\system32\audiosrv.dll
+ 2008-04-14 00:11:50   42,496   ----a-w   c:\windows\system32\audiosrv.dll
- 2005-03-02 18:09:29   56,832   ------w   c:\windows\system32\authz.dll
+ 2008-04-14 00:11:50   62,464   ----a-w   c:\windows\system32\authz.dll
- 2004-08-04 12:00:00   52,736   ------w   c:\windows\system32\basesrv.dll
+ 2008-04-14 00:11:50   52,736   ----a-w   c:\windows\system32\basesrv.dll
- 2004-08-04 12:00:00   28,672   ------w   c:\windows\system32\batmeter.dll
+ 2008-04-14 00:11:50   29,184   ----a-w   c:\windows\system32\batmeter.dll
- 2004-08-04 12:00:00   63,488   ------w   c:\windows\system32\browselc.dll
+ 2008-04-13 17:03:24   63,488   ----a-w   c:\windows\system32\browselc.dll
- 2004-08-04 12:00:00   77,312   ------w   c:\windows\system32\browser.dll
+ 2008-04-14 00:11:50   77,824   ----a-w   c:\windows\system32\browser.dll
- 2006-09-23 18:12:50   1,022,976   ------w   c:\windows\system32\browseui.dll
+ 2008-04-14 00:11:50   1,025,024   ----a-w   c:\windows\system32\browseui.dll
- 2004-08-04 18:00:00   59,904   ------w   c:\windows\system32\cabinet.dll
+ 2008-04-14 00:11:50   60,416   ----a-w   c:\windows\system32\cabinet.dll
- 2005-07-26 04:39:42   225,792   ------w   c:\windows\system32\catsrv.dll
+ 2008-04-14 00:11:50   226,304   ----a-w   c:\windows\system32\catsrv.dll
- 2005-07-26 04:39:43   625,152   ------w   c:\windows\system32\catsrvut.dll
+ 2008-04-14 00:11:50   625,664   ----a-w   c:\windows\system32\catsrvut.dll
- 2008-07-19 03:10:48   94,920   ----a-w   c:\windows\system32\cdm.dll
+ 2008-10-16 20:09:44   92,696   ----a-w   c:\windows\system32\cdm.dll
- 2004-08-04 12:00:00   194,560   ------w   c:\windows\system32\certcli.dll
+ 2008-04-14 00:11:50   194,560   ----a-w   c:\windows\system32\certcli.dll
- 2004-08-04 12:00:00   16,896   ------w   c:\windows\system32\cfgmgr32.dll
+ 2008-04-14 00:09:05   16,896   ----a-w   c:\windows\system32\cfgmgr32.dll
- 2005-07-26 04:39:43   498,688   ------w   c:\windows\system32\clbcatq.dll
+ 2008-04-14 00:11:50   498,688   ----a-w   c:\windows\system32\clbcatq.dll
- 2004-08-04 12:00:00   57,856   ------w   c:\windows\system32\clusapi.dll
+ 2008-04-14 00:11:50   58,368   ----a-w   c:\windows\system32\clusapi.dll
- 2004-08-04 18:00:00   47,104   ------w   c:\windows\system32\cnbjmon.dll
+ 2008-04-14 00:11:50   47,104   ----a-w   c:\windows\system32\cnbjmon.dll
- 2005-07-26 04:39:43   60,416   ------w   c:\windows\system32\colbact.dll
+ 2008-04-14 00:11:51   60,416   ----a-w   c:\windows\system32\colbact.dll
- 2004-08-04 12:00:00   792,064   ------w   c:\windows\system32\comres.dll
+ 2008-04-14 00:11:51   792,064   ----a-w   c:\windows\system32\comres.dll
- 2005-07-26 04:39:44   1,267,200   ------w   c:\windows\system32\comsvcs.dll
+ 2008-04-14 00:11:51   1,267,200   ----a-w   c:\windows\system32\comsvcs.dll
- 2008-11-03 01:15:44   16,384   -c--a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-21 04:14:36   16,384   -c--a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-03 01:15:44   32,768   -c--a-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-21 04:14:36   32,768   -c--a-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-06 06:08:40   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110620081107\index.dat
- 2008-11-03 01:15:44   32,768   -c--a-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-21 04:14:36   32,768   -c--a-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-04 12:00:00   27,648   -c----w   c:\windows\system32\conime.exe
+ 2008-04-14 00:12:15   27,648   ----a-w   c:\windows\system32\conime.exe
- 2004-08-04 12:00:00   163,840   ------w   c:\windows\system32\credui.dll
+ 2008-04-14 00:11:51   163,840   ----a-w   c:\windows\system32\credui.dll
- 2004-08-04 12:00:00   597,504   ------w   c:\windows\system32\crypt32.dll
+ 2008-04-14 00:11:51   599,040   ----a-w   c:\windows\system32\crypt32.dll
- 2004-08-04 12:00:00   33,280   ------w   c:\windows\system32\cryptdll.dll
+ 2008-04-14 00:11:51   33,280   ----a-w   c:\windows\system32\cryptdll.dll
- 2004-08-04 12:00:00   60,416   ------w   c:\windows\system32\cryptsvc.dll
+ 2008-04-14 00:11:51   62,464   ----a-w   c:\windows\system32\cryptsvc.dll
- 2004-08-04 12:00:00   512,512   ------w   c:\windows\system32\cryptui.dll
+ 2008-04-14 00:11:51   512,512   ----a-w   c:\windows\system32\cryptui.dll
- 2004-08-04 12:00:00   101,888   ------w   c:\windows\system32\cscdll.dll
+ 2008-04-14 00:11:51   101,888   ----a-w   c:\windows\system32\cscdll.dll
- 2008-04-14 00:12:15   139,264   ----a-w   c:\windows\system32\cscript.exe
+ 2008-05-07 09:07:23   135,168   ----a-w   c:\windows\system32\cscript.exe
- 2004-08-04 12:00:00   326,656   ------w   c:\windows\system32\cscui.dll
+ 2008-04-14 00:11:51   326,656   ----a-w   c:\windows\system32\cscui.dll
- 2004-08-04 12:00:00   6,144   ------w   c:\windows\system32\csrss.exe
+ 2008-04-14 00:12:15   6,144   ----a-w   c:\windows\system32\csrss.exe
- 2004-08-04 12:00:00   15,360   ------w   c:\windows\system32\ctfmon.exe
+ 2008-04-14 00:12:16   15,360   ----a-w   c:\windows\system32\ctfmon.exe
- 2004-08-04 12:00:00   24,576   ------w   c:\windows\system32\davclnt.dll
+ 2008-04-14 00:11:51   25,088   ----a-w   c:\windows\system32\davclnt.dll
- 2004-08-04 18:00:00   640,000   ------w   c:\windows\system32\dbghelp.dll
+ 2008-04-14 00:11:51   640,000   ----a-w   c:\windows\system32\dbghelp.dll
- 2008-08-26 07:24:28   124,928   ----a-w   c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34   124,928   ----a-w   c:\windows\system32\dllcache\advpack.dll
+ 2008-08-14 10:04:36   138,496   ------w   c:\windows\system32\dllcache\afd.sys
+ 2008-06-13 11:05:51   272,128   ------w   c:\windows\system32\dllcache\bthport.sys
- 2008-07-19 03:10:48   94,920   ----a-w   c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 20:09:44   92,696   ----a-w   c:\windows\system32\dllcache\cdm.dll
+ 2008-05-07 09:07:23   135,168   ------w   c:\windows\system32\dllcache\cscript.exe
+ 2008-06-20 17:46:57   147,968   ------w   c:\windows\system32\dllcache\dnsapi.dll
- 2008-08-26 07:24:28   347,136   ----a-w   c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34   347,136   ----a-w   c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28   214,528   ----a-w   c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34   214,528   ----a-w   c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:26:58   253,952   ------w   c:\windows\system32\dllcache\es.dll
- 2008-08-26 07:24:28   133,120   ----a-w   c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35   133,120   ----a-w   c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14   286,720   ------w   c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28   63,488   ----a-w   c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35   63,488   ----a-w   c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59   70,656   ----a-w   c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09   70,656   ----a-w   c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28   153,088   ----a-w   c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35   153,088   ----a-w   c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28   230,400   ----a-w   c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35   230,400   ----a-w   c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51   161,792   ----a-w   c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53   161,792   ----a-w   c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28   383,488   ----a-w   c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35   383,488   ----a-w   c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29   384,512   ----a-w   c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35   384,512   ----a-w   c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15   6,066,176   ----a-w   c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37   6,066,176   ----a-w   c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29   44,544   ----a-w   c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37   44,544   ----a-w   c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29   267,776   ----a-w   c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37   267,776   ----a-w   c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00   13,824   ----a-w   c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09   13,824   ----a-w   c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15   635,848   ----a-w   c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26   633,632   ----a-w   c:\windows\system32\dllcache\iexplore.exe
+ 2008-04-11 19:04:26   691,712   ------w   c:\windows\system32\dllcache\inetcomm.dll
+ 2008-05-09 10:53:39   512,000   ------w   c:\windows\system32\dllcache\jscript.dll
- 2008-08-26 07:24:30   27,648   ----a-w   c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37   27,648   ----a-w   c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 02:03:58   100,864   ----a-w   c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 07:09:22   100,864   ----a-w   c:\windows\system32\dllcache\logagent.exe
+ 2008-10-24 11:21:09   455,296   ------w   c:\windows\system32\dllcache\mrxsmb.sys
- 2008-05-01 14:30:33   331,776   ----a-w   c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:33:02   331,776   ----a-w   c:\windows\system32\dllcache\msadce.dll
+ 2008-06-24 16:43:16   74,240   ------w   c:\windows\system32\dllcache\mscms.dll
- 2008-08-26 07:24:30   459,264   ----a-w   c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37   459,264   ----a-w   c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30   52,224   ----a-w   c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37   52,224   ----a-w   c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32   3,593,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02   3,593,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30   477,696   ----a-w   c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38   477,696   ----a-w   c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30   193,024   ----a-w   c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38   193,024   ----a-w   c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30   671,232   ----a-w   c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39   671,232   ----a-w   c:\windows\system32\dllcache\mstime.dll
+ 2008-06-20 17:46:57   245,248   ------w   c:\windows\system32\dllcache\mswsock.dll
+ 2008-09-04 17:15:04   1,106,944   ------w   c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 00:12:01   1,306,624   ------w   c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56   1,307,648   ------w   c:\windows\system32\dllcache\msxml6.dll
+ 2008-10-15 16:34:24   337,408   ------w   c:\windows\system32\dllcache\netapi32.dll
+ 2008-08-14 10:09:26   2,145,280   ------w   c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:33:16   2,066,048   ------w   c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:33:16   2,023,936   ------w   c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 10:11:02   2,189,184   ------w   c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-08-26 07:24:30   102,912   ----a-w   c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39   102,912   ----a-w   c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30   44,544   ----a-w   c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39   44,544   ----a-w   c:\windows\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:12:40   1,288,192   ------w   c:\windows\system32\dllcache\quartz.dll
+ 2008-05-08 14:02:52   203,136   ------w   c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-09 10:53:39   180,224   ------w   c:\windows\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40   172,032   ------w   c:\windows\system32\dllcache\scrrun.dll
+ 2008-09-08 10:41:42   333,824   ------w   c:\windows\system32\dllcache\srv.sys
- 2008-04-14 00:12:07   246,814   ----a-w   c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42   247,326   ----a-w   c:\windows\system32\dllcache\strmdll.dll
+ 2008-06-20 11:51:12   361,600   ------w   c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 11:08:27   225,856   ------w   c:\windows\system32\dllcache\tcpip6.sys
- 2008-08-26 07:24:30   105,984   ----a-w   c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39   105,984   ----a-w   c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31   1,159,680   ----a-w   c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39   1,160,192   ----a-w   c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-09 10:53:40   430,080   ------w   c:\windows\system32\dllcache\vbscript.dll
- 2008-08-26 07:24:31   233,472   ----a-w   c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39   233,472   ----a-w   c:\windows\system32\dllcache\webcheck.dll
+ 2008-09-15 12:12:56   1,846,400   ------w   c:\windows\system32\dllcache\win32k.sys
- 2008-08-26 07:24:31   826,368   ----a-w   c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40   826,368   ----a-w   c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 03:47:20   937,984   ----a-w   c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 11:03:08   938,496   ----a-w   c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 03:47:22   2,450,944   ----a-w   c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 11:03:14   2,458,112   ----a-w   c:\windows\system32\dllcache\WMVCore.dll
+ 2008-05-08 11:24:44   155,648   ------w   c:\windows\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40   90,112   ------w   c:\windows\system32\dllcache\wshext.dll
- 2008-07-19 03:09:44   563,912   ----a-w   c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 20:12:20   561,688   ----a-w   c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 03:10:42   53,448   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 20:09:44   51,224   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 03:09:42   1,811,656   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 20:13:40   1,809,944   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 03:09:46   325,832   ----a-w   c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 20:12:22   323,608   ----a-w   c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 03:10:20   36,552   ----a-w   c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 20:08:58   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
- 2008-07-19 03:09:44   205,000   ----a-w   c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 20:13:40   202,776   ----a-w   c:\windows\system32\dllcache\wuweb.dll
- 2008-06-20 17:41:10   148,992   ------w   c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:46:57   147,968   ----a-w   c:\windows\system32\dnsapi.dll
- 2008-04-13 19:19:23   138,112   ----a-w   c:\windows\system32\drivers\afd.sys
+ 2008-08-14 10:04:36   138,496   ----a-w   c:\windows\system32\drivers\afd.sys
- 2008-04-13 18:46:32   273,024   ----a-w   c:\windows\system32\drivers\bthport.sys
+ 2008-06-13 11:05:51   272,128   ----a-w   c:\windows\system32\drivers\bthport.sys
- 2008-04-13 18:55:08   202,624   ----a-w   c:\windows\system32\drivers\rmcast.sys
+ 2008-05-08 14:02:52   203,136   ----a-w   c:\windows\system32\drivers\rmcast.sys
- 2008-04-13 19:15:11   334,848   ----a-w   c:\windows\system32\drivers\srv.sys
+ 2008-09-08 10:41:42   333,824   ----a-w   c:\windows\system32\drivers\srv.sys
- 2008-04-13 19:20:16   361,344   ----a-w   c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 11:51:12   361,600   ----a-w   c:\windows\system32\drivers\tcpip.sys
- 2008-04-13 19:00:02   225,664   ----a-w   c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 11:08:27   225,856   ----a-w   c:\windows\system32\drivers\tcpip6.sys
- 2004-08-04 12:00:00   14,336   ------w   c:\windows\system32\drprov.dll
+ 2008-04-14 00:11:52   14,336   ----a-w   c:\windows\system32\drprov.dll
- 2004-08-04 12:00:00   367,616   ------w   c:\windows\system32\dsound.dll
+ 2008-04-14 00:11:52   367,616   ----a-w   c:\windows\system32\dsound.dll
- 2004-08-04 12:00:00   137,216   ------w   c:\windows\system32\dssenh.dll
+ 2008-04-13 17:37:57   138,752   ----a-w   c:\windows\system32\dssenh.dll
- 2004-08-04 12:00:00   304,128   ------w   c:\windows\system32\duser.dll
+ 2008-04-14 00:11:52   304,128   ----a-w   c:\windows\system32\duser.dll
- 2008-08-26 07:24:28   347,136   ----a-w   c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34   347,136   ----a-w   c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28   214,528   ----a-w   c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34   214,528   ----a-w   c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00:00   23,040   ------w   c:\windows\system32\ersvc.dll
+ 2008-04-14 00:11:53   23,040   ----a-w   c:\windows\system32\ersvc.dll
- 2008-07-07 20:32:22   253,952   ------w   c:\windows\system32\es.dll
+ 2008-07-07 20:26:58   253,952   ----a-w   c:\windows\system32\es.dll
- 2005-10-20 22:20:03   1,082,368   ------w   c:\windows\system32\esent.dll
+ 2008-04-14 00:11:53   1,082,368   ----a-w   c:\windows\system32\esent.dll
- 2004-08-04 12:00:00   55,808   ------w   c:\windows\system32\eventlog.dll
+ 2008-04-14 00:11:53   56,320   ----a-w   c:\windows\system32\eventlog.dll
- 2008-08-26 07:24:28   133,120   ----a-w   c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35   133,120   ----a-w   c:\windows\system32\extmgr.dll
- 2008-10-16 08:15:58   287,704   ----a-w   c:\windows\system32\FNTCACHE.DAT
+ 2008-11-06 06:08:07   287,704   ----a-w   c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 12:00:00   452,096   ------w   c:\windows\system32\fxsapi.dll
+ 2008-04-14 00:11:53   451,584   ----a-w   c:\windows\system32\fxsapi.dll
- 2004-08-04 12:00:00   55,296   ------w   c:\windows\system32\fxsevent.dll
+ 2008-04-14 00:11:54   55,296   ----a-w   c:\windows\system32\fxsevent.dll
- 2004-08-04 12:00:00   23,552   ------w   c:\windows\system32\fxsmon.dll
+ 2008-04-14 00:11:54   23,552   ----a-w   c:\windows\system32\fxsmon.dll
- 2004-08-04 12:00:00   562,176   ------w   c:\windows\system32\fxsst.dll
+ 2008-04-14 00:11:54   562,176   ----a-w   c:\windows\system32\fxsst.dll
- 2008-02-20 06:51:05   282,624   ------w   c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14   286,720   ----a-w   c:\windows\system32\gdi32.dll
- 2004-08-04 18:00:00   20,992   -c----w   c:\windows\system32\hid.dll
+ 2008-04-14 00:11:54   20,992   ----a-w   c:\windows\system32\hid.dll
- 2004-08-04 05:56:44   21,504   ------w   c:\windows\system32\hidserv.dll
+ 2008-04-14 00:11:54   21,504   ----a-w   c:\windows\system32\hidserv.dll
- 2004-08-04 12:00:00   344,064   ------w   c:\windows\system32\hnetcfg.dll
+ 2008-04-14 00:11:54   344,064   ----a-w   c:\windows\system32\hnetcfg.dll
- 2004-08-04 12:00:00   11,264   ------w   c:\windows\system32\icaapi.dll
+ 2008-04-14 00:11:54   11,264   ----a-w   c:\windows\system32\icaapi.dll
- 2008-08-26 07:24:28   63,488   ----a-w   c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35   63,488   ----a-w   c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59   70,656   ----a-w   c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09   70,656   ----a-w   c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28   153,088   ----a-w   c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35   153,088   ----a-w   c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28   230,400   ----a-w   c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35   230,400   ----a-w   c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51   161,792   ----a-w   c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53   161,792   ----a-w   c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28   383,488   ----a-w   c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35   383,488   ----a-w   c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29   384,512   ----a-w   c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35   384,512   ----a-w   c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15   6,066,176   ----a-w   c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37   6,066,176   ----a-w   c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29   44,544   ----a-w   c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37   44,544   ----a-w   c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29   267,776   ----a-w   c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37   267,776   ----a-w   c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00   13,824   ----a-w   c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09   13,824   ----a-w   c:\windows\system32\ieudinit.exe
- 2004-08-04 12:00:00   110,080   ------w   c:\windows\system32\imm32.dll
+ 2008-04-14 00:11:54   110,080   ----a-w   c:\windows\system32\imm32.dll
- 2008-04-14 00:11:54   691,712   ----a-w   c:\windows\system32\inetcomm.dll
+ 2008-04-11 19:04:26   691,712   ----a-w   c:\windows\system32\inetcomm.dll
- 2004-08-04 12:00:00   75,264   ------w   c:\windows\system32\inetpp.dll
+ 2008-04-14 00:11:55   75,264   ----a-w   c:\windows\system32\inetpp.dll
- 2006-05-19 12:59:41   94,720   ------w   c:\windows\system32\iphlpapi.dll
+ 2008-04-14 00:11:55   94,720   ----a-w   c:\windows\system32\iphlpapi.dll
- 2004-08-04 12:00:00   331,264   ------w   c:\windows\system32\ipnathlp.dll
+ 2008-04-14 00:11:55   331,264   ----a-w   c:\windows\system32\ipnathlp.dll
- 2004-08-04 12:00:00   182,784   ------w   c:\windows\system32\ipsecsvc.dll
+ 2008-04-14 00:11:55   183,808   ----a-w   c:\windows\system32\ipsecsvc.dll
- 2008-06-10 07:21:01   135,168   ----a-w   c:\windows\system32\java.exe
+ 2008-12-05 22:57:23   144,792   ----a-w   c:\windows\system32\java.exe
- 2008-06-10 07:21:04   135,168   ----a-w   c:\windows\system32\javaw.exe
+ 2008-12-05 22:57:23   144,792   ----a-w   c:\windows\system32\javaw.exe
- 2008-06-10 08:32:34   139,264   ----a-w   c:\windows\system32\javaws.exe
+ 2008-12-05 22:57:23   148,888   ----a-w   c:\windows\system32\javaws.exe
- 2007-08-13 23:38:04   491,520   ------w   c:\windows\system32\jscript.dll
+ 2008-05-09 10:53:39   512,000   ----a-w   c:\windows\system32\jscript.dll
- 2008-08-26 07:24:30   27,648   ----a-w   c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37   27,648   ----a-w   c:\windows\system32\jsproxy.dll
- 2005-06-15 17:49:30   295,936   ------w   c:\windows\system32\kerberos.dll
+ 2008-04-14 00:11:56   299,520   ----a-w   c:\windows\system32\kerberos.dll
- 2005-09-01 01:41:53   19,968   ------w   c:\windows\system32\linkinfo.dll
+ 2008-04-14 00:11:56   19,968   ----a-w   c:\windows\system32\linkinfo.dll
- 2004-08-04 12:00:00   97,280   ------w   c:\windows\system32\loadperf.dll
+ 2008-04-14 00:11:56   97,280   ----a-w   c:\windows\system32\loadperf.dll
- 2006-10-19 02:03:58   100,864   ----a-w   c:\windows\system32\logagent.exe
+ 2008-06-18 07:09:22   100,864   ----a-w   c:\windows\system32\logagent.exe
- 2004-08-04 12:00:00   13,312   ------w   c:\windows\system32\lsass.exe
+ 2008-04-14 00:12:24   13,312   ----a-w   c:\windows\system32\lsass.exe
- 2006-11-09 21:20:00   2,111,096   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02   3,695,008   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2006-11-09 21:20:00   190,072   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04   235,936   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-12-15 23:32:35   84,661   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 12:00:00   118,272   -c----w   c:\windows\system32\mdminst.dll
+ 2008-04-14 00:11:56   118,272   ----a-w   c:\windows\system32\mdminst.dll
- 2004-08-04 12:00:00   22,528   ------w   c:\windows\system32\mfcsubs.dll
+ 2008-04-14 00:11:56   22,528   ----a-w   c:\windows\system32\mfcsubs.dll
- 2004-08-04 12:00:00   18,944   ------w   c:\windows\system32\midimap.dll
+ 2008-04-14 00:11:57   18,944   ----a-w   c:\windows\system32\midimap.dll
- 2004-08-04 12:00:00   586,240   ------w   c:\windows\system32\mlang.dll
+ 2008-04-14 00:11:57   586,240   ----a-w   c:\windows\system32\mlang.dll
- 2004-08-04 12:00:00   153,600   -c----w   c:\windows\system32\modemui.dll
+ 2008-04-14 00:11:57   153,600   ----a-w   c:\windows\system32\modemui.dll
- 2004-08-04 12:00:00   59,904   ------w   c:\windows\system32\mpr.dll
+ 2008-04-14 00:11:57   59,904   ----a-w   c:\windows\system32\mpr.dll
- 2004-08-04 12:00:00   87,040   ------w   c:\windows\system32\mprapi.dll
+ 2008-04-14 00:11:57   87,040   ----a-w   c:\windows\system32\mprapi.dll
- 2008-10-07 19:19:40   16,721,856   ----a-w   c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37   17,593,280   ----a-w   c:\windows\system32\MRT.exe
- 2004-08-04 12:00:00   71,680   ------w   c:\windows\system32\msacm32.dll
+ 2008-04-14 00:11:58   71,680   ----a-w   c:\windows\system32\msacm32.dll
- 2004-08-04 12:00:00   57,344   ------w   c:\windows\system32\msasn1.dll
+ 2008-04-14 00:11:58   57,344   ----a-w   c:\windows\system32\msasn1.dll
- 2008-06-24 16:23:05   74,240   ------w   c:\windows\system32\mscms.dll
+ 2008-06-24 16:43:16   74,240   ----a-w   c:\windows\system32\mscms.dll
- 2004-08-04 12:00:00   12,288   -c----w   c:\windows\system32\mscpx32r.dLL
+ 2008-04-13 17:26:07   12,288   ----a-w   c:\windows\system32\mscpx32r.dll
- 2004-08-04 12:00:00   36,864   -c----w   c:\windows\system32\mscpxl32.dLL
+ 2008-04-14 00:11:58   36,864   ----a-w   c:\windows\system32\mscpxl32.dll
- 2008-02-26 11:59:50   294,912   ------w   c:\windows\system32\msctf.dll
+ 2008-04-14 00:11:58   297,984   ----a-w   c:\windows\system32\msctf.dll
- 2004-08-04 12:00:00   151,552   -c----w   c:\windows\system32\msdart.dll
+ 2008-04-14 00:11:59   151,552   ----a-w   c:\windows\system32\msdart.dll
- 2008-08-26 07:24:30   459,264   ----a-w   c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37   459,264   ----a-w   c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30   52,224   ----a-w   c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37   52,224   ----a-w   c:\windows\system32\msfeeds

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Help!
« Reply #30 on: December 21, 2008, 07:27:09 PM »
Can you do the following

download Flash_Disinfector and save it to your desktop
  • Double-click on Flash_Disinfector.exe to run it. If you receive a prompt, please allow it.
  • You will be prompted to plug in your flash drive. Plug it in. If you have more than one, plug them in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Copy ALL the text below and paste it into Notepad.
Don't use anything other than Notepad or the script will not work.

File::
c:\windows\system32\tuvSLEVm.dll
c:\windows\system32\vtUmMeDV.dll
c:\windows\Tasks\hejpkidn.job
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Save this as a text file on your desktop, with the exact name
CFScript

Drag CFScript.txt into ComboFix.exe
ComboFix will start. Follow the prompts.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.

Post that log from ComboFix please with a fresh Hijackthis log
Keep me informed how things are running afterwards

Offline ___

  • Hero Member
  • *****
  • Posts: 637
  • Karma: +0/-0
Help!
« Reply #31 on: December 21, 2008, 07:40:55 PM »
I don't have a flash drive that I use for this computer.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Help!
« Reply #32 on: December 21, 2008, 07:43:49 PM »
Just carry on with the fixes please
If you don't have a flash drive, don't insert one

Offline ___

  • Hero Member
  • *****
  • Posts: 637
  • Karma: +0/-0
Help!
« Reply #33 on: December 21, 2008, 08:19:07 PM »
Here.
ComboFix 08-12-21.02 - Garrett's Account 2008-12-21 18:56:02.9 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.959.467 [GMT -6:00]
Running from: c:\documents and settings\Garrett's Account\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Garrett's Account\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
c:\windows\system32\tuvSLEVm.dll
c:\windows\system32\vtUmMeDV.dll
c:\windows\Tasks\hejpkidn.job
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tuvSLEVm.dll
c:\windows\system32\vtUmMeDV.dll
c:\windows\Tasks\hejpkidn.job

.
(((((((((((((((((((((((((   Files Created from 2008-11-22 to 2008-12-22  )))))))))))))))))))))))))))))))
.

2008-12-21 12:48 . 2008-12-21 12:48   <DIR>   d--------   C:\Sandbox
2008-12-21 12:48 . 2008-12-21 16:06   1,384   --a------   c:\windows\Sandboxie.ini
2008-12-21 12:47 . 2008-12-21 12:47   <DIR>   d--------   c:\program files\Sandboxie
2008-12-19 23:35 . 2008-12-19 23:35   <DIR>   d--------   c:\program files\Ventrilo
2008-12-19 23:35 . 2008-12-19 23:36   <DIR>   d--------   c:\documents and settings\Garrett's Account\Application Data\Ventrilo
2008-12-19 23:35 . 2008-12-19 23:35   262   --a------   c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-18 23:54 . 2008-12-21 18:00   <DIR>   d--------   c:\program files\Norton Security Scan
2008-12-18 20:32 . 2008-12-18 20:54   <DIR>   d--------   c:\windows\system32\Adobe
2008-12-04 22:22 . 2008-12-04 22:22   <DIR>   dr-h-----   C:\AHCache
2008-12-01 16:10 . 2008-12-05 16:57   410,984   --a------   c:\windows\system32\deploytk.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 00:10   31   ----a-w   c:\documents and settings\Garrett's Account\jagex_runescape_preferences.dat
2008-12-22 00:01   ---------   d-----w   c:\program files\Common Files\Symantec Shared
2008-12-20 05:34   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:47   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\FrostWire
2008-12-13 06:40   3,593,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
2008-12-05 22:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 22:57   ---------   d-----w   c:\program files\Sun
2008-12-05 22:57   ---------   d-----w   c:\program files\Java
2008-11-22 03:20   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\Subversion
2008-11-22 03:19   ---------   d-----w   c:\program files\SCAR 3.15
2008-11-22 03:14   ---------   d-----w   c:\program files\Subversion
2008-11-07 23:04   ---------   d-----w   c:\program files\Canon
2008-11-05 04:29   45,056   ----a-w   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-11-05 04:29   44,032   ----a-w   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-11-04 22:23   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-11-04 22:23   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\Malwarebytes
2008-11-04 22:23   ---------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 18:56   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21   455,296   ------w   c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 12:36   286,720   ------w   c:\windows\system32\dllcache\gdi32.dll
2008-10-22 22:10   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:10   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2008-10-16 20:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 20:13   202,776   ----a-w   c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 20:13   1,809,944   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 20:12   561,688   ----a-w   c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 20:12   323,608   ----a-w   c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09   92,696   ----a-w   c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 20:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 20:09   51,224   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 20:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 20:08   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 20:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-16 13:11   70,656   ----a-w   c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11   13,824   ----a-w   c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34   337,408   ------w   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06   633,632   ----a-w   c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04   161,792   ----a-w   c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-10-03 10:02   247,326   ----a-w   c:\windows\system32\dllcache\strmdll.dll
2008-09-30 22:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
2003-03-18 01:27   307,904   -c--a-w   c:\windows\inf\wg311nd5.sys
.

(((((((((((((((((((((((((((((   snapshot_2008-12-21_16.55.20.06   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-21 22:20:58   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-12-22 00:10:13   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-12-21 22:20:58   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-22 00:10:13   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2008-11-15 313856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2005-04-22 397312]
"CaAvTray"="c:\program files\Yahoo!\Antivirus\CAVTray.exe" [2006-06-15 230512]
"CAVRID"="c:\program files\Yahoo!\Antivirus\CAVRID.exe" [2006-06-15 185456]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msvideo7"= STV680tg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6346:TCP"= 6346:TCP:Gnutella

R3 SbieDrv;SbieDrv;\??\c:\program files\Sandboxie\SbieDrv.sys [2008-11-15 102912]
S3 AWINDIS5;AWINDIS5 Protocol Driver;\??\c:\windows\system32\AWINDIS5.SYS [2005-08-24 16194]
S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\DRIVERS\wg311nd5.sys [2005-08-24 307904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{710a26fe-c38d-11db-98b8-00149541f90b}]
\Shell\AutoRun\command - K:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\Norton Security Scan for Garrett's Account.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

2008-12-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\windows\system32\VetRedir.dll

 - c:\windows\Downloaded Program Files\RhapX.inf
FF - ProfilePath - c:\documents and settings\Garrett's Account\Application Data\Mozilla\Firefox\Profiles\hu1qy710.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\documents and settings\Garrett's Account\Application Data\Mozilla\Firefox\Profiles\hu1qy710.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 19:05:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1056)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2008-12-21 19:10:10
ComboFix-quarantined-files.txt  2008-12-22 01:09:12
ComboFix2.txt  2008-12-21 22:57:40
ComboFix3.txt  2008-11-05 04:43:33
ComboFix4.txt  2008-11-04 04:32:26
ComboFix5.txt  2008-12-22 00:52:09

Pre-Run: 49,916,194,816 bytes free
Post-Run: 49,899,245,568 bytes free

195   --- E O F ---   2008-12-18 02:29:20
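The snapshot-comparison blocks in the ComboFix logs above (the `- old` / `+ new` record pairs) are tedious to read by eye, so here is an added example of a small triage parser for that format. It is not ComboFix's own code and not from anyone in the thread; the SAMPLE records are constructed for the demo (the first ones mirror lines from the logs, the last reuses a filename from the helper's CFScript with made-up metadata), and the naming heuristic is an assumption tuned to the two DLLs targeted in this thread.

```python
"""Triage helper for the ComboFix snapshot-comparison lines posted in this thread.

Added example, not ComboFix's own code: it parses the '- old' / '+ new' records
(timestamp, size, attribute flags, path), reports what changed between the two
snapshots, then applies a naming heuristic to the changed paths.
The SAMPLE block is constructed for the demo; its metadata is not from the log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One record: sign, timestamp, size (digits with commas, or dashes for a
# directory), attribute flags, then the path, which may contain spaces.
LINE_RE = re.compile(
    r"^([+-])\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+([\d,]+|-+)\s+(\S+)\s+(.+?)\s*$"
)


@dataclass
class Entry:
    stamp: str
    size: Optional[int]  # None when the size column is all dashes (directory)
    attrs: str
    path: str


def parse_line(line: str) -> Optional[Tuple[str, Entry]]:
    """Return (sign, Entry) for a snapshot record, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    sign, stamp, size, attrs, path = m.groups()
    size_val = int(size.replace(",", "")) if size[0].isdigit() else None
    return sign, Entry(stamp, size_val, attrs, path)


def diff_snapshot(text: str) -> Dict[str, dict]:
    """Pair '-' and '+' records by case-folded path and classify each change.

    ComboFix prints the same file with different letter case across snapshots
    (WMNetMgr.dll vs WMNetmgr.dll in the log), so pairing must ignore case.
    """
    old: Dict[str, Entry] = {}
    new: Dict[str, Entry] = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # section banners, '.' separators, blank lines
        sign, entry = parsed
        (old if sign == "-" else new)[entry.path.lower()] = entry

    changes: Dict[str, dict] = {}
    for key in old.keys() | new.keys():
        o, n = old.get(key), new.get(key)
        kind = "replaced" if (o and n) else ("added" if n else "removed")
        delta = None
        if o and n and o.size is not None and n.size is not None:
            delta = n.size - o.size
        changes[key] = {
            "kind": kind,
            "size_delta": delta,
            "attrs_changed": bool(o and n and o.attrs != n.attrs),
            "path": (n or o).path,
        }
    return changes


def looks_random_system32_dll(path: str) -> bool:
    """Heuristic (an assumption) tuned to the two DLLs the helper targeted in
    this thread (tuvSLEVm.dll, vtUmMeDV.dll): eight letters in mixed case, .dll
    extension, sitting directly in system32. It is a triage filter, not proof:
    legitimate names of the same shape would also match, so every hit needs
    analyst review before anything is acted on."""
    parent, _, name = path.rpartition("\\")
    if parent.lower() != r"c:\windows\system32":
        return False
    if not re.fullmatch(r"[A-Za-z]{8}\.dll", name):
        return False
    stem = name[:-4]
    return stem != stem.lower() and stem != stem.upper()


def flag_random_dlls(changes: Dict[str, dict]) -> List[str]:
    """Changed paths (original case) that match the naming heuristic, sorted."""
    return sorted(c["path"] for c in changes.values() if looks_random_system32_dll(c["path"]))


# Constructed sample: the first records mirror lines from the logs in this
# thread; the last reuses a filename from the helper's CFScript with made-up metadata.
SAMPLE = r"""
((((((((((((((((((((((((((((((((   snapshot_2008-12-21_16.55.20.06   ))))))))))))))))))))))))))
.
- 2008-08-26 07:24:31   1,159,680   ----a-w   c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39   1,160,192   ----a-w   c:\windows\system32\dllcache\urlmon.dll
- 2006-10-19 03:47:20   937,984   ----a-w   c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 11:03:08   938,496   ----a-w   c:\windows\system32\dllcache\WMNetmgr.dll
- 2004-08-04 12:00:00   14,336   ------w   c:\windows\system32\drprov.dll
+ 2008-04-14 00:11:52   14,336   ----a-w   c:\windows\system32\drprov.dll
+ 2008-12-15 23:32:35   84,661   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-12-20 00:00:00   318,976   ----a-w   c:\windows\system32\tuvSLEVm.dll
.
"""

if __name__ == "__main__":
    result = diff_snapshot(SAMPLE)
    for key in sorted(result):
        c = result[key]
        print(f"{c['kind']:8} {c['path']}  size_delta={c['size_delta']}  attrs_changed={c['attrs_changed']}")
    print("review:", flag_random_dlls(result))
```

On a real log, feed the whole ComboFix output to diff_snapshot; everything that is not a +/- record is skipped, and the attrs_changed flag separates plain attribute flips (like the drprov.dll record) from files whose size actually moved.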

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Help!
« Reply #34 on: December 21, 2008, 09:53:28 PM »
Quote
Post that log from ComboFix please with a fresh Hijackthis log
Keep me informed how things are running afterwards

Offline ___

  • Hero Member
  • *****
  • Posts: 637
  • Karma: +0/-0
Help!
« Reply #35 on: December 21, 2008, 09:56:29 PM »
Running great, haven't gotten a pop-up yet. Here is log:
Thanks for all your help, once again...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:07 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8857 bytes
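As an added example that is not part of the thread, a small Python parser for the HijackThis log format posted above: it splits each entry into section code, CLSID and target, and reports two things a log reviewer checks early, autoruns referenced by a bare filename (resolved through the search path, so the real location has to be confirmed against the process list; sm56hlpr.exe above is shown running from C:\WINDOWS) and O16 DPF objects fetched from a remote URL. The sample lines are copied from that log; the checks are triage heuristics, not verdicts.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
EXE_RE = re.compile(r'"?(.+?\.exe)\b', re.IGNORECASE)

def parse_entry(line):
    """Split one HijackThis line into section code, CLSID (if any) and target file/URL."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section.startswith("R"):      # R0/R1: "registry value = data"
        target = body.split(" = ", 1)[-1]
    elif section == "O4":            # O4: "...\Run: [name] command line"
        target = body.split("] ", 1)[-1]
    else:                            # O2/O3/O9/O16/O23: last " - " field is the file or URL
        target = body.rsplit(" - ", 1)[-1]
    clsid = CLSID_RE.search(body)
    return {"section": section, "clsid": clsid.group(0) if clsid else None, "target": target.strip()}

def executable(command_line):
    """Program path from an O4 command line, with arguments and surrounding quotes dropped."""
    m = EXE_RE.match(command_line)
    return m.group(1) if m else command_line

def triage(log_text):
    """Per-section counts, autoruns given as a bare filename, and DPF objects loaded from a URL."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return {
        "counts": dict(Counter(e["section"] for e in entries)),
        "bare_name_autoruns": [exe for exe in (executable(e["target"]) for e in entries
                                               if e["section"] == "O4") if "\\" not in exe],
        "remote_dpf": [e["target"] for e in entries
                       if e["section"] == "O16" and e["target"].lower().startswith("http")],
    }
```

Run `triage(SAMPLE_LOG)` on the constructed sample, or pass the text of a whole saved log to get the same summary for it.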

Offline guestolo

Help!
« Reply #36 on: December 21, 2008, 11:07:49 PM »
Go ahead and delete Flash_Disinfector.exe from the desktop.
You can also manually delete ATF-Cleaner.exe or hold onto it
to help clean Temp files, cookies, etc.
Note: under the Main window, it will also clear Prefetch.
This may cause a delay in startup on bootup; startup will get faster as this folder
is repopulated.

Go to START>>RUN>>copy and paste the following, then click OK:
ComboFix /u
This will uninstall ComboFix and its components.

Do you have SpywareBlaster 4.1 installed?
If not, you have probably seen me recommend it
Do you want instructions?



Offline ___

Help!
« Reply #37 on: December 21, 2008, 11:18:46 PM »
Ok, ComboFix is uninstalled, and yes, I will download SpywareBlaster 4.1.
Edit: SpywareBlaster is installed.
« Last Edit: December 21, 2008, 11:24:35 PM by i w1sh i was rich »

Offline guestolo

Help!
« Reply #38 on: December 21, 2008, 11:31:54 PM »
[quote name='i w1sh i was rich' post='452134' date='Dec 21 2008, 08:18 PM']Ok, ComboFix is uninstalled, and yes, I will download SpywareBlaster 4.1.
Edit: SpywareBlaster is installed.[/quote]

Good work, I'll lock this topic as your problems appear resolved.
Take care, i w1sh i was rich :)
