annoying site
-
An unsolicited site appears on my screen when clicking on certain Google entries. I checked with Ad-Aware and AVG but no malicious items were found.
I enclose the last hijack log. Please check, and advise.
Thanks.
Logfile of HijackThis v1.98.2
Scan saved at 10:42:51, on 09-Oct-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\ePad995\ePad995.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\twain_32\PUSH650C.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
F:\hijack\HijackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: ePad995.lnk = C:\ePad995\ePad995.exe
O4 - Global Startup: PUSH650C.lnk = C:\WINDOWS\twain_32\PUSH650C.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186009636734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188532142203
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5D4B8E1-708E-4621-894C-B2796607B4DA}: NameServer = 212.117.128.6,212.116.129.3
-
Welcome,
You have a very old version of hijackthis. So in my signature is a link to the newest version of hijackthis. Please click it and follow directions for posting. Thanks.
-
thanks Neal
here are the files
Ad-Aware 2007
Adobe Reader 6.0.1
ADSL Modem Driver Suite Product
AstraSlim
AVG Anti-Spyware 7.5
Backup995
Camel's MPEGJoin
CCleaner (remove only)
CDBurnerXP Pro 3
Convert Doc
DirectAccess
ePad995
Foxit PDF Editor
Free Download Manager 2.3 BETA 6
ftp995
Google Desktop
Google Earth
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java(TM) 6 Update 2
Jetsoft Viewing Booth Pro 2.1
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Lizardtech DjVu Control
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Hebrew User Interface Pack
Microsoft Office 97, Professional Edition
Microsoft Office Word Viewer 2003
Microsoft Office XP Web Components
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word Viewer 97
Mozilla Firefox (0.9.3)
Nero 7 Ultra Edition
Norton SystemWorks 2003
OmniFormat
PC Pitstop Exterminate 1.0
PDF Image Magic 1.6
Pdf995
PdfEdit995
Photocopier 3.03
PhotoEdit995
ReaConverter 4.0 Lite
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Site Stats Code Inserter
Spybot - Search & Destroy 1.3
SUPERAntiSpyware Free Edition
Total Commander (Remove or Repair)
Tracks Eraser v5.1
Tweak UI
Ulead COOL 360 1.0
Ulead Photo Explorer 6.0
Universal Document Converter
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
VeryPDF PDF2Word v3.0
WinClear v2.5
Windows Defender
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:47, on 11-Oct-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\ePad995\ePad995.exe
C:\WINDOWS\twain_32\PUSH650C.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: ePad995.lnk = C:\ePad995\ePad995.exe
O4 - Global Startup: PUSH650C.lnk = C:\WINDOWS\twain_32\PUSH650C.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186009636734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188532142203
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5D4B8E1-708E-4621-894C-B2796607B4DA}: NameServer = 212.117.128.6,212.116.129.3
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
--
End of file - 6710 bytes
-
What kind of site is it? What does it say?
1. Download this file - COMBOFIX
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Post a new hijackthis log also please.
-
thanks Neal
I don't see the site any more
here are the combofix and hijack logs
ComboFix 07-10-12.4 - dv 2007-10-12 8:34:03.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.972.1033.18.442 [GMT 2:00]
Running from: C:\Documents and Settings\dv\Local Settings\Temporary Internet Files\Content.IE5\IJQ7U5GL\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.
2007-10-11 06:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 05:12 <DIR> d-------- C:\Program Files\PowerPoint Viewer
2007-10-09 11:15 <DIR> d-------- C:\Program Files\IrfanView
2007-10-09 09:19 <DIR> d-------- C:\Program Files\WinClear
2007-10-08 07:24 <DIR> d-------- C:\Program Files\Photocopier
2007-10-08 07:24 210,200 --a------ C:\WINDOWS\system32\TWNPRO3.DLL
2007-10-08 07:24 122,880 --a------ C:\WINDOWS\system32\TWNLIB3.DLL
2007-10-07 10:12 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2007-10-01 11:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-01 06:47 <DIR> d-------- C:\Program Files\jfuse
2007-09-30 07:43 1,197,194 --a------ C:\Documents and Settings\icons\sample.zip
2007-09-26 11:03 3,201 --a------ C:\WINDOWS\extend.dat
2007-09-25 07:20 <DIR> d-------- C:\Program Files\WordView
2007-09-21 10:24 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-09-17 11:05 <DIR> d-------- C:\Program Files\PCPitstop
2007-09-17 11:05 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-09-16 09:03 <DIR> d-------- C:\Program Files\ViewBooth
2007-09-16 09:03 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-09-16 08:26 87,040 --a------ C:\WINDOWS\system32\wia650f.dll
2007-09-16 08:26 53,760 --a------ C:\WINDOWS\system32\mcro650f.dll
2007-09-16 08:26 13,824 --a------ C:\WINDOWS\system32\drivers\usb650c.sys
2007-09-15 08:57 <DIR> d-------- C:\UDC Snapshots
2007-09-15 08:57 <DIR> d-------- C:\Program Files\Universal Document Converter
2007-09-15 08:57 5,632 --a------ C:\WINDOWS\system32\udcpm.dll
2007-09-15 08:46 <DIR> d-------- C:\Program Files\PDF Image Magic
2007-09-14 06:50 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-14 06:49 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-14 06:49 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 06:34 --------- d-----w C:\Documents and Settings\dv\Application Data\Free Download Manager
2007-10-12 06:34 --------- d-----w C:\Documents and Settings\dv\Application Data\Free Download Manager
2007-10-12 06:34 --------- d-----w C:\Documents and Settings\dv\Application Data\Free Download Manager
2007-10-12 03:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-11 09:36 0 ----a-w C:\Documents and Settings\dv\dv_notes.dat
2007-10-11 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2007-10-10 15:43 --------- d-----w C:\Program Files\Google
2007-10-09 15:38 --------- d-----w C:\Program Files\ADSL
2007-10-09 09:14 --------- d-----w C:\Program Files\Norton SystemWorks
2007-10-09 09:00 --------- d-----w C:\Documents and Settings\dv\Application Data\AdobeUM
2007-10-09 09:00 --------- d-----w C:\Documents and Settings\dv\Application Data\AdobeUM
2007-10-09 09:00 --------- d-----w C:\Documents and Settings\dv\Application Data\AdobeUM
2007-10-08 08:09 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-08 05:47 --------- d-----w C:\Documents and Settings\dv\Application Data\RCP 4
2007-10-08 05:47 --------- d-----w C:\Documents and Settings\dv\Application Data\RCP 4
2007-10-08 05:47 --------- d-----w C:\Documents and Settings\dv\Application Data\RCP 4
2007-10-04 04:22 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-04 04:22 286,720 ------w C:\WINDOWS\Setup1.exe
2007-10-04 04:22 --------- d-----w C:\Program Files\Camel's MPEGJoin
2007-10-02 08:20 --------- d-----w C:\Documents and Settings\dv\Application Data\Ahead
2007-10-02 08:20 --------- d-----w C:\Documents and Settings\dv\Application Data\Ahead
2007-10-02 08:20 --------- d-----w C:\Documents and Settings\dv\Application Data\Ahead
2007-09-16 06:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-11 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-10 04:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-10 04:14 --------- d-----w C:\Documents and Settings\dv\Application Data\SUPERAntiSpyware.com
2007-09-10 04:14 --------- d-----w C:\Documents and Settings\dv\Application Data\SUPERAntiSpyware.com
2007-09-10 04:14 --------- d-----w C:\Documents and Settings\dv\Application Data\SUPERAntiSpyware.com
2007-09-06 06:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-09-06 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-05 08:08 --------- d-----w C:\Program Files\SmitfraudFix
2007-09-05 07:51 --------- d-----w C:\Documents and Settings\dv\Application Data\Grisoft
2007-09-05 07:51 --------- d-----w C:\Documents and Settings\dv\Application Data\Grisoft
2007-09-05 07:51 --------- d-----w C:\Documents and Settings\dv\Application Data\Grisoft
2007-09-05 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-04 06:21 53,248 ----a-w C:\WINDOWS\system32\Process.exe
2007-09-04 06:21 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
2007-09-04 06:20 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
2007-09-03 02:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-02 04:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-02 02:52 --------- d-----w C:\Program Files\Legendum
2007-08-29 04:20 --------- d-----w C:\Program Files\CCleaner
2007-08-29 04:19 --------- d-----w C:\Program Files\LizardTech
2007-08-28 05:57 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-28 05:57 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-28 05:54 --------- d-----w C:\Program Files\Lavasoft
2007-08-28 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-26 06:58 --------- d-----w C:\Program Files\Softinterface, Inc
2007-08-26 04:24 110,717 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-08-26 04:24 --------- d-----w C:\Documents and Settings\dv\Application Data\Talkback
2007-08-26 04:24 --------- d-----w C:\Documents and Settings\dv\Application Data\Talkback
2007-08-26 04:24 --------- d-----w C:\Documents and Settings\dv\Application Data\Talkback
2007-08-22 03:58 --------- d-----w C:\Program Files\Windows Defender
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 06:09 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-08-20 06:09 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-08-15 02:26 --------- d-----w C:\Documents and Settings\dv\Application Data\Uniblue
2007-08-15 02:26 --------- d-----w C:\Documents and Settings\dv\Application Data\Uniblue
2007-08-15 02:26 --------- d-----w C:\Documents and Settings\dv\Application Data\Uniblue
2007-08-13 04:14 --------- d-----w C:\Program Files\ReaConverter 4.0 Lite
2007-08-03 10:03 679,936 ----a-w C:\WINDOWS\system32\tx13.dll
2007-07-30 16:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 16:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 16:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 16:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 16:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 16:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 16:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 16:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 16:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 16:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 09:37 221,184 ----a-w C:\WINDOWS\system32\SII_PDF.dll
2007-07-24 02:01 479,232 ----a-w C:\WINDOWS\system32\tx13_doc.dll
2007-07-23 23:34 225,280 ----a-w C:\WINDOWS\system32\tx13_htm.dll
2007-07-23 23:04 274,432 ----a-w C:\WINDOWS\system32\tx13_css.dll
2007-07-13 02:01 360,448 ----a-w C:\WINDOWS\system32\tx13_rtf.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-06_ 74031.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-10-18 18:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 07:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 07:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2004-08-04 01:07:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2005-06-28 07:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 07:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-18 18:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2005-06-28 07:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 07:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-01 15:31:34 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
+ 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2006-09-25 14:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 14:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2004-08-04 01:07:00 286,208 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2004-08-04 01:07:00 159,232 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2004-08-04 01:07:00 695,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2004-08-04 01:07:00 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2004-08-04 01:07:00 103,936 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 01:07:00 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 01:07:00 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 01:07:00 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2004-08-04 01:07:00 259,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2004-08-04 01:07:00 52,224 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2004-08-04 01:07:00 201,728 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2004-08-04 01:07:00 356,352 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2004-08-04 01:07:00 245,760 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2004-08-04 01:07:00 237,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 15:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 15:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 08:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2004-08-04 01:07:00 408,064 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2004-08-04 01:07:00 670,720 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2004-08-04 01:07:00 230,400 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2004-08-04 01:07:00 27,136 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2004-08-04 01:07:00 23,552 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2004-08-04 01:07:00 151,552 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2004-08-04 01:07:00 1,050,624 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2004-08-04 01:07:00 759,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2004-08-04 01:07:00 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2004-08-04 01:07:00 484,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2004-08-04 01:07:00 896,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2006-12-07 15:02:24 2,174,976 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2004-08-04 01:07:00 809,984 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2004-08-04 01:07:00 1,001,472 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-09-28 11:46:30 1,184,984 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wvc1dmod.dll
+ 2004-08-04 01:07:00 8,192 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-08-04 01:07:00 368,640 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2004-08-04 01:07:00 774,144 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 15:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 15:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2004-08-04 01:07:00 208,896 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-08-04 01:07:00 168,448 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2007-04-29 23:22:16 4,734,976 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-08-04 01:07:00 114,688 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-08-04 01:07:00 98,304 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-08-04 01:07:00 233,472 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-08-04 01:07:00 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-08-04 01:07:00 2,940,928 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-08-04 01:07:00 102,400 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2006-09-15 22:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-15 22:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 16:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2007-07-19 21:47:22 109,056 ----a-w C:\WINDOWS\catchme.exe
+ 2007-09-28 07:06:08 135,168 ----a-w C:\WINDOWS\catchme.exe
+ 2007-08-30 10:03:06 337,624 ----a-w C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
- 2007-03-13 07:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-13 08:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-08-08 06:02:21 79,132 ----a-w C:\WINDOWS\forms\FRMCACHE.DAT
+ 2007-09-20 05:48:27 87,204 ----a-w C:\WINDOWS\forms\FRMCACHE.DAT
- 2004-08-04 01:07:00 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-26 19:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2005-04-21 20:57:26 12,235,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSO.DLL
+ 2005-05-03 10:09:02 6,864,584 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\WORDVIEW.EXE
- 2007-08-24 05:47:16 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
+ 2007-10-09 09:30:34 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
- 2007-08-24 05:47:16 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-09 09:30:35 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
- 2007-08-24 05:47:16 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-09 09:30:35 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
- 2007-08-24 05:47:16 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-09 09:30:35 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
- 2007-08-24 05:47:16 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-10-09 09:30:35 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
- 2007-08-24 05:47:16 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
+ 2007-10-09 09:30:35 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
- 2007-09-03 08:33:03 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-09-19 09:16:11 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-09-03 08:30:32 135,168 ----a-r C:\WINDOWS\Installer\{901E040D-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-11 05:42:23 135,168 ----a-r C:\WINDOWS\Installer\{901E040D-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-07 09:44:13 135,168 ----a-r C:\WINDOWS\Installer\{9026040D-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-07 09:44:14 7,168 ----a-r C:\WINDOWS\Installer\{9026040D-6000-11D3-8CFE-0150048383C9}\owcico.exe
+ 2007-10-06 09:48:57 135,168 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-06 09:48:57 40,960 ----a-r C:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2007-10-11 05:26:58 32,768 ----a-r C:\WINDOWS\Installer\{90AF0409-6000-11D3-8CFE-0150048383C9}\ppvwicon.exe
- 2007-09-02 04:33:35 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A00000000001}\ARPPRODUCTICON.exe
+ 2007-10-09 06:23:00 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A00000000001}\ARPPRODUCTICON.exe
- 2007-09-06 04:27:23 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-09-10 04:14:39 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
- 2007-09-06 04:27:23 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-09-10 04:14:39 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2007-09-06 04:27:23 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-09-10 04:14:39 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 1999-07-22 15:14:10 306,688 ----a-w C:\WINDOWS\IsUninst.exe
+ 1998-10-29 13:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
- 2007-06-16 21:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
+ 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
+ 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\browseui.dll
+ 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\danim.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\extmgr.dll
+ 2007-08-21 10:30:45 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iedw.exe
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iepeers.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\inseng.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\jsproxy.dll
+ 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtml.dll
+ 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtmled.dll
+ 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\msrating.dll
+ 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mstime.dll
+ 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shlwapi.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\urlmon.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\wininet.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\xpsp3res.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\browseui.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtml.dll
+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtmled.dll
+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shdocvw.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shlwapi.dll
+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\wininet.dll
+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\updspapi.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
+ 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
- 2007-09-04 16:57:40 167,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\Install\mpas-d.exe
+ 2007-10-11 16:37:24 172,096 ----a-w C:\WINDOWS\SoftwareDistribution\Download\Install\mpas-d.exe
- 2004-08-04 01:07:00 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-18 18:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2003-03-18 19:05:50 89,088 ----a-r C:\WINDOWS\system32\atl71.dll
+ 2006-10-18 18:47:08 276,992 ------w C:\WINDOWS\system32\audiodev.dll
- 1997-04-21 21:00:00 32,768 ----a-w C:\WINDOWS\system32\BIDIEX32.EXE
+ 1997-04-21 22:00:00 32,768 ----a-w C:\WINDOWS\system32\BIDIEX32.EXE
- 2004-08-04 01:07:00 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 18:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-04 01:07:00 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 18:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 1997-04-21 21:00:00 57,854 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
+ 1997-04-21 22:00:00 57,854 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
+ 2007-10-02 05:43:53 282,624 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-04 01:07:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-18 18:47:08 7,168 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-08-04 01:07:00 286,208 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-18 18:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2007-06-14 18:09:18 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-22 13:12:15 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-14 18:09:18 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-08-22 13:12:15 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2004-08-04 01:07:00 159,232 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-18 18:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2007-06-14 18:09:18 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-08-22 13:12:16 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 01:07:00 695,296 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-18 18:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2007-06-14 18:09:18 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-14 18:09:19 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-22 13:12:16 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-14 14:07:24 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-21 10:30:45 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-14 18:09:19 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-22 13:12:16 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:12:02 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-14 18:09:19 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-22 13:12:16 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 01:07:00 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-18 18:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-08-04 01:07:00 103,936 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-18 17:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 01:07:00 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-18 18:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-04 01:07:00 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 18:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-04 01:07:00 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 18:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-08-04 01:07:00 368,640 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-18 18:47:14 243,712 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2007-06-14 18:09:20 3,058,688 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-22 13:12:17 3,058,176 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-14 18:09:19 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-22 13:12:17 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 01:07:00 259,072 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-18 18:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-08-04 01:07:00 52,224 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 18:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-08-04 01:07:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-18 18:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2007-06-14 18:09:19 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-22 13:12:17 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 01:07:00 356,352 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 13
50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2007-06-14 18:09:20 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-22 13:12:17 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 01:07:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-18 18:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2007-06-14 18:09:20 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-22 13:12:17 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-04 01:07:00 237,568 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-18 18:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-08-04 01:07:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-04 01:07:00 774,144 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 15:31:38 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2007-06-14 18:09:20 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-06-14 18:09:20 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-04 01:07:00 208,896 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-26 19:10:26 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-06-14 18:09:20 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-22 13:12:18 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-06-26 14:09:10 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-22 13:12:18 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-04 01:07:00 408,064 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-18 18:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-08-04 01:07:00 670,720 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-18 18:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-08-04 01:07:00 230,400 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-18 18:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-08-04 01:07:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-18 18:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-08-04 01:07:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-18 18:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-08-04 01:07:00 168,448 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-18 18:47:20 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-08-04 01:07:00 151,552 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-18 18:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-08-04 01:07:00 1,050,624 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 18:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-29 23:22:16 4,734,976 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-11 20:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-04 01:07:00 114,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-18 18:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-04 01:07:00 98,304 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-18 18:47:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-04 01:07:00 233,472 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-18 18:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-08-04 01:07:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-18 18:46:20 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-04 01:07:00 2,940,928 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-18 18:47:20 8,231,936 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-04 01:07:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-18 18:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-08-04 01:07:00 759,296 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-18 18:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-08-04 01:07:00 1,119,744 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 18:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-08-04 01:07:00 484,864 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-18 18:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-08-04 01:07:00 896,512 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 18:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 15:02:24 2,174,976 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 18:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-04 01:07:00 809,984 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-18 18:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-08-04 01:07:00 1,001,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 18:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 18:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
+ 2006-10-18 17:00:00 38,528 ------w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 15:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 16:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 17:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-08-04 01:07:00 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 18:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-14 18:09:19 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-09-05 07:37:52 198,552 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-08 08:16:11 199,344 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-06-14 18:09:19 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-06-14 18:09:19 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 01:07:00 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 18:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-08-04 01:07:00 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 17:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2004-08-04 01:07:00 112,128 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 1997-04-21 22:00:00 730,384 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2006-10-18 18:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 1997-04-21 22:00:00 224,528 ----a-w C:\WINDOWS\system32\MINET32.DLL
+ 2006-10-18 18:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 01:07:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 18:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 18:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 01:07:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 18:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 18:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 01:07:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 18:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2007-08-03 04:34:10 16,789,464 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2006-10-02 12:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 1997-04-21 21:00:00 491,360 ----a-w C:\WINDOWS\system32\MSFS32.DLL
+ 1997-04-21 22:00:00 491,360 ----a-w C:\WINDOWS\system32\MSFS32.DLL
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 1997-06-25 22:00:00 10,544 ----a-w C:\WINDOWS\system32\MSIMRT16.DLL
+ 1997-06-25 22:00:00 22,016 ----a-w C:\WINDOWS\system32\MSIMRT32.DLL
- 2004-08-04 01:07:00 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 18:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 1997-06-25 22:00:00 1,704,208 ----a-w C:\WINDOWS\system32\MSO97V.DLL
+ 1997-06-25 22:00:00 16,384 ----a-w C:\WINDOWS\system32\MSORFS.DLL
- 2004-08-04 01:07:00 52,224 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2006-10-18 18:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-08-04 01:07:00 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2006-10-18 18:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 01:07:00 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 13
50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 1997-06-25 22:00:00 229,136 ----a-w C:\WINDOWS\system32\MSV7ENU.DLL
+ 2003-03-18 20:14:52 499,712 ----a-r C:\WINDOWS\system32\msvcp71.dll
+ 2003-02-21 02:42:22 348,160 ----a-r C:\WINDOWS\system32\msvcr71.dll
- 2004-08-04 01:07:00 245,760 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 18:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2007-03-27 08:45:22 38,567 ----a-w C:\WINDOWS\system32\pcpbios.exe
- 2007-09-04 02:45:11 41,040 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-09-16 03:01:52 40,972 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-09-04 02:45:11 314,838 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-09-16 03:01:52 314,644 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2006-10-18 18:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 18:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 18:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 18:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 18:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-08-04 01:07:00 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 18:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2007-10-10 16:01:29 90,676 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2004-08-04 01:07:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-11-17 14:14:30 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 14:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-09-15 06:57:08 614,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\FCRTL.dll
+ 2007-09-15 06:57:08 286,720 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\FFilm.dll
+ 2007-09-15 06:57:08 1,384,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\FUDC.dll
+ 2007-09-15 06:57:08 1,706,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\gdiplus.dll
+ 2007-09-15 06:57:08 163,946 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\iSaver.exe
+ 2007-09-15 06:57:08 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\MemHandler.dll
+ 2007-09-15 06:57:08 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\udc_inst.dll
+ 2007-09-15 06:57:08 16,896 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\udcdrv.dll
+ 2007-09-15 06:57:08 16,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\udcdrvui.dll
+ 2007-09-15 06:57:08 163,913 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\udclib.dll
+ 2007-09-15 06:57:08 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\udcloc.dll
+ 2007-09-15 06:57:08 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unilib.dll
+ 2007-09-15 06:57:08 614,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\FCRTL.dll
+ 2007-09-15 06:57:08 286,720 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\FFilm.dll
+ 2007-09-15 06:57:08 1,384,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\FUDC.dll
+ 2007-09-15 06:57:08 1,706,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\gdiplus.dll
+ 2007-09-15 06:57:08 163,946 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\iSaver.exe
+ 2007-09-15 06:57:08 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\MemHandler.dll
+ 2007-09-15 06:57:08 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\udc_inst.dll
+ 2007-09-15 06:57:08 16,896 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\udcdrv.dll
+ 2007-09-15 06:57:08 16,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\udcdrvui.dll
+ 2007-09-15 06:57:08 163,913 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\udclib.dll
+ 2007-09-15 06:57:08 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\udcloc.dll
+ 2007-09-15 06:57:08 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unilib.dll
- 2005-06-28 07
34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 14:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-07-22 15:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-10-05 08:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-03-27 08:45:22 4,096 ----a-w C:\WINDOWS\system32\sysres.dll
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2006-10-18 18:58:00 8,704 ------w C:\WINDOWS\system32\uwdf.exe
+ 1998-06-17 21:00:00 102,912 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
+ 2006-10-18 18:47:18 4,096 ------w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 18:58:00 8,704 ------w C:\WINDOWS\system32\wdfmgr.exe
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
- 2004-08-04 01:07:00 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 18:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-08-04 01:07:00 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 18:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-08-04 01:07:00 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-18 18:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-08-04 01:07:00 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2006-10-18 18:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-08-04 01:07:00 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 18:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 18:47:18 429,056 ------w C:\WINDOWS\system32\wmdrmdev.dll
+ 2006-10-18 18:47:20 348,672 ------w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 18:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-04 01:07:00 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-18 18:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-08-04 01:07:00 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 18:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-08-04 01:07:00 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 18:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-29 23:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-11 20:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-04 01:07:00 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-18 18:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-04 01:07:00 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 18:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 18:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2006-10-18 18:47:20 1,661,440 ------w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-04 01:07:00 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 18:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 18:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-18 18:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-04 01:07:00 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-18 18:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-18 18:47:20 204,288 ------w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-08-04 01:07:00 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 18:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-08-04 01:07:00 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 18:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-08-04 01:07:00 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 18:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-08-04 01:07:00 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 18:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 1997-04-21 21:00:00 1,046,704 ----a-w C:\WINDOWS\system32\WMSUI32.DLL
+ 1997-04-21 22:00:00 1,046,704 ----a-w C:\WINDOWS\system32\WMSUI32.DLL
+ 2006-10-18 18:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVD.dll
+ 2006-10-18 18:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 15:02:24 2,174,976 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 18:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 18:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-08-04 01:07:00 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 18:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-08-04 01:07:00 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 18:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 18:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 18:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 18:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 18:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
+ 2006-10-18 18:47:22 629,760 ------w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 18:47:22 35,840 ------w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 18:47:22 154,624 ------w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 18:47:22 63,488 ------w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 18:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-18 17:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-18 18:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-18 18:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
+ 2006-10-18 18:47:22 356,352 ------w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-28 17:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 15
38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 15
16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 15
14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 15
38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
- 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
- 2001-06-19 23:00:08 2,396,160 ----a-w C:\WINDOWS\twain_32\APASTRA.dll
+ 2001-06-20 00:00:08 2,396,160 ----a-w C:\WINDOWS\twain_32\APASTRA.dll
- 2001-09-06 23:01:26 1,392,640 ----a-w C:\WINDOWS\twain_32\ASTRSLIM.exe
+ 2002-07-08 01:00:26 1,392,640 ----a-w C:\WINDOWS\twain_32\ASTRSLIM.exe
- 2007-08-07 05:35:29 61,200 ----a-w C:\WINDOWS\twain_32\CB650C.DAT
+ 2007-10-12 05:38:47 61,200 ----a-w C:\WINDOWS\twain_32\CB650C.DAT
- 2007-08-07 05:35:30 91,856 ----a-w C:\WINDOWS\twain_32\CW650C.DAT
+ 2007-10-12 05:38:48 91,856 ----a-w C:\WINDOWS\twain_32\CW650C.DAT
- 2001-06-19 23:00:06 2,363,392 ----a-w C:\WINDOWS\twain_32\HIASTRA.dll
+ 2001-06-20 00:00:06 2,363,392 ----a-w C:\WINDOWS\twain_32\HIASTRA.dll
- 2001-06-19 23:00:06 1,155,072 ----a-w C:\WINDOWS\twain_32\LOASTRA.dll
+ 2001-06-20 00:00:06 1,155,072 ----a-w C:\WINDOWS\twain_32\LOASTRA.dll
- 2000-01-10 09:00:00 131,072 ----a-w C:\WINDOWS\twain_32\Mapi32.dll
+ 2000-01-10 10:00:00 131,072 ----a-w C:\WINDOWS\twain_32\MAPI32.DLL
- 2001-08-30 23:01:12 36,864 ----a-w C:\WINDOWS\twain_32\PUSH650C.exe
+ 2002-07-08 02:00:16 36,864 ----a-w C:\WINDOWS\twain_32\PUSH650C.EXE
- 2001-06-05 23:00:06 45,056 ----a-w C:\WINDOWS\twain_32\RES2650C.dll
+ 2001-06-06 00:00:06 45,056 ----a-w C:\WINDOWS\twain_32\RES2650C.dll
- 2001-05-23 23:00:06 40,960 ----a-w C:\WINDOWS\twain_32\VMS2650C.dll
+ 2001-05-24 00:00:06 40,960 ----a-w C:\WINDOWS\twain_32\VMS2650C.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 21:22]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 21:23]
"UDC Integration"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 07:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 07:55]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-09 17:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Tracks Eraser"="C:\Program Files\Tracks Eraser\te.exe" [2007-02-21 11:08]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 19:13]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02]
C:\Documents and Settings\dv\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-04-22]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-04-21 23:00:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ePad995.lnk - C:\ePad995\ePad995.exe [2007-08-20 10:20:34]
PUSH650C.lnk - C:\WINDOWS\twain_32\PUSH650C.EXE [2007-09-12 10:02:19]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"AME_CSA"=rundll32 amecsa.cpl,RUN_DLL
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 VM650FVM11;UMAX AstraSlim Scanner ProdID x0104;C:\WINDOWS\system32\Drivers\USB650C.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ab1f45-41a7-11dc-a134-0001e1052323}]
AutoRun\command - J:\USBNB.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 04:12:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-08-18 10:15:03 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-10-09 09:14:07 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-10-12 03
12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
"2007-09-24 03:25:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-13 07:38:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 08:34:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-12 8:35:27
C:\ComboFix-quarantined-files.txt ... 2007-09-06 06:40
C:\ComboFix2.txt ... 2007-09-10 05:54
C:\ComboFix3.txt ... 2007-09-06 06:40
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:32, on 12-Oct-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\ePad995\ePad995.exe
C:\WINDOWS\twain_32\PUSH650C.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 6.0\pe6.exe
C:\totalcmd\TOTALCMD.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: ePad995.lnk = C:\ePad995\ePad995.exe
O4 - Global Startup: PUSH650C.lnk = C:\WINDOWS\twain_32\PUSH650C.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186009636734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188532142203
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5D4B8E1-708E-4621-894C-B2796607B4DA}: NameServer = 212.117.128.6,212.116.129.3
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
--
End of file - 7026 bytes
-
How is your computer behaving now?
-
Thank you Neal, but no. I still have a problem. Or maybe two.
First – when booting the computer a page, nearly blank, appears, about half of the screen size, with [[ in the title and [[ at upper left. Only when I click on the screen the “welcome” appears and then my desktop.
Secondly – in my IE6 some of the links do not work. When I click on the link only a blank page opens and nothing more. However, if I right-click on the link, copy the address from ‘properties’ and paste it in the address line, the page opens correctly.
I am not sure if both bugs are connected. The first one is only annoying, the second is troublesome.
Can you help?
yochanan
Last edited by idr; 15-10-2007 at 06:48 AM.
-
Have you run a scan with AVG Anti-Spyware? If not, you need to do that and quarantine all it finds.
Go here to learn how to show hidden files/folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5
Re-hide after we are done
Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:
C:\WINDOWS\unvise32.exe
Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
If that one is too busy, here is another option:
http://virusscan.jotti.org
And
http://www.kaspersky.com/scanforvirus.html
Do the same for this:
C:\WINDOWS\system32\jsproxy.dll
Please post the results, the first one appears to be a trojan.
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
* Double-click the drweb-cureit.exe file and allow it to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found: 
* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
New hijackthis log also.
Last edited by Neal; 16-10-2007 at 01:23 AM.
-
Here are the scanning logs.
For some reason I couldn't scan the whole disk on Dr. Web so I scanned them separately and saved with the appropriate partition letter.
I am not sure if I prepared the post correctly. Please advise if it needs to be corrected.
Thanks
yochanan
File jsproxy.dll received on 10.17.2007 06:36:41 (CET)
Result: 0/32 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2007.10.17.0 2007.10.16 -
AntiVir 7.6.0.23 2007.10.16 -
Authentium 4.93.8 2007.10.17 -
Avast 4.7.1051.0 2007.10.17 -
AVG 7.5.0.488 2007.10.16 -
BitDefender 7.2 2007.10.17 -
CAT-QuickHeal 9.00 2007.10.16 -
ClamAV 0.91.2 2007.10.16 -
DrWeb 4.44.0.09170 2007.10.17 -
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5216 2007.10.17 -
Ewido 4.0 2007.10.16 -
FileAdvisor 1 2007.10.17 -
Fortinet 3.11.0.0 2007.10.17 -
F-Prot 4.3.2.48 2007.10.17 -
F-Secure 6.70.13030.0 2007.10.17 -
Ikarus T3.1.1.12 2007.10.17 -
Kaspersky 7.0.0.125 2007.10.17 -
McAfee 5142 2007.10.16 -
Microsoft 1.2908 2007.10.16 -
NOD32v2 2596 2007.10.17 -
Norman 5.80.02 2007.10.16 -
Panda 9.0.0.4 2007.10.16 -
Prevx1 V2 2007.10.17 -
Rising 19.45.20.00 2007.10.17 -
Sophos 4.22.0 2007.10.17 -
Sunbelt 2.2.907.0 2007.10.16 -
Symantec 10 2007.10.17 -
TheHacker 6.2.8.093 2007.10.16 -
VBA32 3.12.2.4 2007.10.16 -
VirusBuster 4.3.26:9 2007.10.16 -
Webwasher-Gateway 6.6.1 2007.10.17 -
Additional information
File size: 16384 bytes
MD5: e4772186e46a36ddf56bd73a5a604263
SHA1: 2e85ef39ba2bcc36a3054b77f06d5a9a89373416
File unvise32.exe received on 10.17.2007 06:31:51 (CET)
Result: 0/29 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2007.10.13.1 2007.10.12 -
AntiVir 7.6.0.23 2007.10.16 -
Authentium 4.93.8 2007.10.17 -
Avast 4.7.1051.0 2007.10.17 -
BitDefender 7.2 2007.10.17 -
CAT-QuickHeal 9.00 2007.10.16 -
ClamAV 0.91.2 2007.10.16 -
DrWeb 4.44.0.09170 2007.10.17 -
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5216 2007.10.17 -
Ewido 4.0 2007.10.16 -
FileAdvisor 1 2007.10.17 -
Fortinet 3.11.0.0 2007.10.17 -
F-Secure 6.70.13030.0 2007.10.16 -
Ikarus T3.1.1.12 2007.10.17 -
Kaspersky 7.0.0.125 2007.10.17 -
McAfee 5142 2007.10.16 -
Microsoft 1.2908 2007.10.16 -
NOD32v2 2596 2007.10.17 -
Norman 5.80.02 2007.10.16 -
Panda 9.0.0.4 2007.10.16 -
Prevx1 V2 2007.10.17 -
Rising 19.45.20.00 2007.10.17 -
Sophos 4.22.0 2007.10.17 -
Sunbelt 2.2.907.0 2007.10.13 -
TheHacker 6.2.8.093 2007.10.16 -
VBA32 3.12.2.4 2007.10.16 -
VirusBuster 4.3.26:9 2007.10.16 -
Webwasher-Gateway 6.6.1 2007.10.17 -
Additional information
File size: 86016 bytes
MD5: 84b4f61f59a421bd85d97b35d194b42b
SHA1: d3f2bac1a72f82c42d551c066c8ec841f46adb60
Process.exe;C:\Documents and Settings\dv\Desktop\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\dv\Desktop\SmitfraudFix;Tool.ShutDown.11;;
NMSAccess.exe;C:\Program Files\CDBurnerXP Pro 3\Tools;Program.PsKill.origin;;
Process.exe;C:\Program Files\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Program Files\SmitfraudFix;Tool.ShutDown.11;;
A0026522.bat;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP133;Probably SCRIPT.Virus;;
A0036342.exe;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0036368.EXE;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0036369.EXE;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0036370.EXE;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0039036.exe;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP187;Trojan.Popuper;Deleted.;
A0040342.ini;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP202;Trojan.Fakealert.305;Deleted.;
A0040343.ini;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP202;Trojan.Fakealert.305;Deleted.;
A0041896.exe;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP212;Trojan.MulDrop.origin;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
Process.exe;C:\Documents and Settings\dv\Desktop\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\dv\Desktop\SmitfraudFix;Tool.ShutDown.11; ;
NMSAccess.exe;C:\Program Files\CDBurnerXP Pro 3\Tools;Program.PsKill.origin;;
Process.exe;C:\Program Files\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Program Files\SmitfraudFix;Tool.ShutDown.11;;
A0026522.bat;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP133;Probably SCRIPT.Virus;;
A0036342.exe;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0036368.EXE;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0036369.EXE;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0036370.EXE;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0039036.exe;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP187;Trojan.Popuper;Deleted.;
A0040342.ini;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP202;Trojan.Fakealert.305;Deleted.;
A0040343.ini;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP202;Trojan.Fakealert.305;Deleted.;
A0041896.exe;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP212;Trojan.MulDrop.origin;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
NMSAccess.exe;F:\disk\CDBurnerXP Pro 3\Tools;Program.PsKill.origin;;
installprivacyprotectorfree.exe;F:\download;Trojan.DownLoader.34904;Deleted.;
NMSAccess.exe;F:\download\CDBurnerXP Pro 3\Tools;Program.PsKill.origin;;
data001\data003;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE\data001;Adware.Msearch;;
data001\data005;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE\data001;Trojan.Isbar.438;;
data001\data007;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE\data001;Adware.Msearch;;
data001\data009;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE\data001;Adware.Msearch;;
data001;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE;Archive contains infected objects;;
A0017607.EXE\data002;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE;Adware.MWS;;
A0017607.EXE;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128;Archive contains infected objects;Moved.;
A0017608.dll;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128;Adware.Dap;;
A0017609.dll;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128;Adware.Dap;;
A0017610.exe;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128;Adware.Comet;;
A0041897.exe;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP212;Trojan.DownLoader.34904;Deleted.;
WinTrikX.exe;F:\wcomp\i\wtrix;Probably WIN.BATCH.Virus;;
Process.exe;C:\Documents and Settings\dv\Desktop\SmitfraudFix;Tool.Prockill;;
Process.exe;C:\Documents and Settings\dv\Desktop\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\dv\Desktop\SmitfraudFix;Tool.ShutDown.11; ;
NMSAccess.exe;C:\Program Files\CDBurnerXP Pro 3\Tools;Program.PsKill.origin;;
Process.exe;C:\Program Files\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Program Files\SmitfraudFix;Tool.ShutDown.11;;
A0026522.bat;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP133;Probably SCRIPT.Virus;;
A0036342.exe;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0036368.EXE;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0036369.EXE;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0036370.EXE;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP161;Trojan.Packed.140;Deleted.;
A0039036.exe;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP187;Trojan.Popuper;Deleted.;
A0040342.ini;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP202;Trojan.Fakealert.305;Deleted.;
A0040343.ini;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP202;Trojan.Fakealert.305;Deleted.;
A0041896.exe;C:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP212;Trojan.MulDrop.origin;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
NMSAccess.exe;F:\disk\CDBurnerXP Pro 3\Tools;Program.PsKill.origin;;
installprivacyprotectorfree.exe;F:\download;Trojan.DownLoader.34904;Deleted.;
NMSAccess.exe;F:\download\CDBurnerXP Pro 3\Tools;Program.PsKill.origin;;
data001\data003;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE\data001;Adware.Msearch;;
data001\data005;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE\data001;Trojan.Isbar.438;;
data001\data007;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE\data001;Adware.Msearch;;
data001\data009;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE\data001;Adware.Msearch;;
data001;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE;Archive contains infected objects;;
A0017607.EXE\data002;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128\A0017607.EXE;Adware.MWS;;
A0017607.EXE;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128;Archive contains infected objects;Moved.;
A0017608.dll;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128;Adware.Dap;;
A0017609.dll;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128;Adware.Dap;;
A0017610.exe;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP128;Adware.Comet;;
A0041897.exe;F:\System Volume Information\_restore{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP212;Trojan.DownLoader.34904;Deleted.;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:51, on 17-Oct-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Tracks Eraser\te.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\ePad995\ePad995.exe
C:\WINDOWS\twain_32\PUSH650C.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\Program Files\Outlook Express\msimn.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-1085031214-1960408961-839522115-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1085031214-1960408961-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1085031214-1960408961-839522115-1003\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe (User '?')
O4 - HKUS\S-1-5-21-1085031214-1960408961-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-1085031214-1960408961-839522115-1003 Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User '?')
O4 - S-1-5-21-1085031214-1960408961-839522115-1003 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User '?')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: ePad995.lnk = C:\ePad995\ePad995.exe
O4 - Global Startup: PUSH650C.lnk = C:\WINDOWS\twain_32\PUSH650C.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186009636734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188532142203
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5D4B8E1-708E-4621-894C-B2796607B4DA}: NameServer = 212.117.128.6,212.116.129.3
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
--
End of file - 8047 bytes
-
Any different?
Please rescan those two files using the Kaspersky file scanner please and post the results. Thanks.