my computer is becoming irritating!

alex12345

New Member
I've had the computer go into emergency memory dump about 3 times a week for the last few weeks. It is also getting slower.
When I've been running the computer for more than 1hr it gets 50% less responsive to general commands. I've deleted all my file sharing programs a while ago and I stay off warez and other shady web sites. I have Kaspersky and Malwarebytes but they haven't found anything. Would anyone have the time to have a look at these logs I've made?
By the way, happy new year to all the moderators and spyware blasters!

Malwarebytes' Anti-Malware 1.44
Database version: 3597
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

20/01/2010 3:48:25 AM
mbam-log-2010-01-20 (03-48-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 262908
Time elapsed: 3 hour(s), 8 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:31:07 PM, on 20/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\system32\PDesk\PDesk.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2384137
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb0.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143243688453
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Update Service (gupdate1c98d3f3d9daa2e) (gupdate1c98d3f3d9daa2e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 10687 bytes
 
Rerun HijackThis and place a check next to these entries.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

Then click on fix checked at the bottom.

I very highly recommend going into Add/Remove Programs and uninstalling the Ask toolbar and Advanced Registry Optimizer, as the registry programs often do more harm than good. And it's possible this program is what is causing your issue. I also recommend you uninstall the IObit toolbar if you really don't use it.

If uninstalling the registry program doesn't fix your issue do this.

Let's see if there is anything hiding on your system.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
ComboFix took about 30min but I didn't find findstr, find, sed or swreg in Task Manager?
I've tried uploading the .txt files as I figure it would be easier to read but was told the txt file is too big or it's the wrong type of file, though the HijackThis log is txt.
The computer does seem to be running faster.
BIG THANK YOU!!

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:09:22 AM, on 21/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2384137
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143243688453
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Update Service (gupdate1c98d3f3d9daa2e) (gupdate1c98d3f3d9daa2e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9579 bytes
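The "fix checked" step above can be verified by comparing the two HijackThis logs. The following is an added example, not part of the original thread and not HijackThis's own code: it parses log entries, flags BHO/toolbar registrations whose target is `(no file)`, and lists what disappeared between scans. The sample lines are a subset copied from the two logs in this thread; the function names are hypothetical.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Subset of the first (20/01/2010) log in this thread.
BEFORE = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
"""

# The same entries as they appear in the second (21/01/2010) log.
AFTER = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
"""

# An entry line starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str          # e.g. "O2"
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    target: str           # last " - " field (the file for O2/O3 entries)


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        # O4 Run entries have no " - " separator, so target is the whole body.
        target = body.rsplit(" - ", 1)[-1]
        entries.append(Entry(m.group("section"), body,
                             clsid.group(0).upper() if clsid else None, target))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Registrations that point at a file HijackThis could not find."""
    return [e for e in entries if e.target == "(no file)"]


def registrations(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each CLSID to the sections it is registered under."""
    regs: Dict[str, List[str]] = {}
    for e in entries:
        if e.clsid:
            regs.setdefault(e.clsid, []).append(e.section)
    return regs


def removed(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the first scan and absent from the second."""
    remaining = {(e.section, e.body.lower()) for e in after}
    return [e for e in before if (e.section, e.body.lower()) not in remaining]


if __name__ == "__main__":
    first, second = parse_log(BEFORE), parse_log(AFTER)
    for e in orphaned(first):
        print("orphaned:", e.section, e.clsid)
    for e in removed(first, second):
        print("removed: ", e.section, e.body)
```
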
 
The ComboFix log will be located at C:\combofix.txt. Just open that file with Notepad and copy and paste the log back here. You did not need to find those other files.
 
ComboFix 10-01-19.08 - owner 21/01/2010 1:39.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.677 [GMT 11:00]
Running from: c:\documents and settings\owner\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 07:27 . 2010-01-20 07:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-20 03:43 . 2010-01-20 07:26 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-01-20 03:41 . 2008-04-13 11:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-01-20 03:41 . 2009-07-30 23:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-01-20 03:41 . 2008-04-13 11:57 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-20 03:41 . 2008-04-13 18:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-01-20 03:39 . 2008-04-13 18:41 59392 ------w- c:\windows\system32\eapqec.dll
2010-01-20 03:18 . 2008-04-13 11:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-01-20 03:18 . 2008-04-13 13:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-01-20 03:17 . 2008-04-13 13:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-16 04:25 . 2010-01-16 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-15 18:33 . 2010-01-15 18:33 -------- d-----w- c:\program files\TrendMicro
2010-01-15 12:17 . 2010-01-15 12:17 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Conduit
2010-01-15 12:16 . 2010-01-15 12:16 -------- d-----w- c:\program files\Conduit
2010-01-15 07:25 . 2010-01-15 07:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-15 06:54 . 2010-01-15 06:54 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2010-01-15 06:48 . 2010-01-15 06:48 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2010-01-15 06:23 . 2010-01-15 06:23 -------- d-----w- c:\windows\ie8updates
2010-01-15 06:12 . 2010-01-15 06:20 -------- dc-h--w- c:\windows\ie8
2010-01-15 05:56 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-15 05:56 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-15 05:55 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-14 19:30 . 2010-01-14 19:30 48 ----a-w- c:\windows\wpd99.drv
2010-01-13 09:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 11:09 . 2010-01-07 11:32 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Temp
2010-01-04 11:55 . 2010-01-04 11:55 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-12-28 08:56 . 2009-12-28 08:56 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-28 08:54 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-12-28 08:54 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-12-28 07:50 . 2009-12-28 07:50 60940 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-28 07:30 . 2001-08-17 11:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-28 07:30 . 2004-08-03 13:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-28 06:29 . 2009-12-28 06:29 -------- d-----w- c:\program files\Microsoft Small Business
2009-12-28 06:11 . 2010-01-04 11:56 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-28 05:25 . 2010-01-15 19:23 -------- d-----w- c:\program files\Microsoft Works
2009-12-28 05:00 . 2009-12-28 06:24 -------- d-----w- c:\program files\Microsoft.NET
2009-12-28 04:16 . 2009-12-28 05:17 -------- d-----w- c:\windows\SHELLNEW
2009-12-28 04:00 . 2009-12-28 04:00 -------- d-----r- C:\MSOCache
2009-12-27 00:01 . 2009-12-27 00:01 -------- d-----w- c:\program files\iPod
2009-12-27 00:01 . 2009-12-27 00:02 -------- d-----w- c:\program files\iTunes
2009-12-27 00:01 . 2009-12-27 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 23:47 . 2009-08-28 08:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-26 13:38 . 2009-12-26 13:38 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Microsoft Help
2009-12-26 13:37 . 2010-01-15 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 13:55 . 2007-12-09 12:47 -------- d-----w- c:\program files\Autodesk
2010-01-20 13:55 . 2006-11-30 03:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-20 10:32 . 2009-12-28 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-20 09:37 . 2009-02-08 15:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 04:10 . 2008-04-20 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-20 03:52 . 2004-09-11 19:42 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-01-16 23:26 . 2008-03-06 10:43 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 18:33 . 2010-01-15 18:33 388096 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 12:16 . 2009-10-07 14:12 -------- d-----w- c:\documents and settings\owner\Application Data\IObit
2010-01-15 00:49 . 2005-05-14 10:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 20:13 . 2008-10-16 09:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 20:12 . 2008-10-16 09:38 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 19:30 . 2009-09-07 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-01-07 05:07 . 2008-10-16 09:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 05:07 . 2008-10-16 09:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 21:31 . 2009-12-28 08:56 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-01 05:56 . 2010-01-01 05:56 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0001.dat.drv
2009-12-28 15:14 . 2009-12-28 15:14 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-28 15:14 . 2009-12-28 15:14 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-28 14:51 . 2009-12-28 14:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-28 14:51 . 2009-12-28 14:51 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-28 14:46 . 2009-12-28 14:46 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-28 09:01 . 2009-12-28 09:01 -------- d-----w- c:\documents and settings\owner\Application Data\Windows Search
2009-12-28 09:00 . 2009-12-28 09:00 -------- d-----w- c:\documents and settings\owner\Application Data\Windows Desktop Search
2009-12-28 06:10 . 2005-05-03 13:11 73712 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 00:11 . 2005-06-26 14:23 -------- d-----w- c:\documents and settings\owner\Application Data\Apple Computer
2009-12-27 00:01 . 2007-09-10 08:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 23:57 . 2005-06-18 13:02 -------- d-----w- c:\program files\QuickTime
2009-12-26 23:47 . 2007-09-10 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-26 19:01 . 2009-12-26 19:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-26 17:49 . 2008-03-19 01:24 -------- d-----w- c:\program files\Safari
2009-12-26 17:33 . 2009-12-26 17:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-16 03:42 . 2009-12-18 16:32 872960 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 03:42 . 2009-12-18 16:32 43008 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 03:42 . 2009-12-18 16:32 340480 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 03:41 . 2009-12-18 16:32 346624 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-26 18:57 . 2009-08-04 13:36 -------- d-----w- c:\documents and settings\owner\Application Data\Tinn-R
2009-11-21 15:51 . 2002-08-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 10:08 . 2009-11-19 10:08 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\Australian\setup.exe
2009-11-04 05:49 . 2010-01-15 12:16 635664 ----a-w- c:\documents and settings\owner\Application Data\IObit\Common\TB_Helper.exe
2009-10-29 07:45 . 2002-08-29 12:00 916480 ------w- c:\windows\system32\wininet.dll
2008-04-25 08:15 . 2006-11-21 04:30 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_08.58.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 18:42 . 2008-04-13 18:42 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2008-04-13 18:42 . 2008-04-13 18:42 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2007-02-18 00:37 . 2007-01-19 20:15 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 50688 c:\windows\twain_32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 50688 c:\windows\twain_32.dll
+ 2010-01-20 09:37 . 2010-01-20 09:37 16384 c:\windows\temp\Perflib_Perfdata_f8.dat
+ 2004-09-11 19:38 . 2008-04-13 18:42 11776 c:\windows\system32\xolehlp.dll
- 2004-09-11 19:38 . 2006-03-01 19:42 11776 c:\windows\system32\xolehlp.dll
+ 2005-05-03 12:59 . 2008-04-13 18:42 50176 c:\windows\system32\xmlprovi.dll
- 2005-05-03 12:59 . 2004-08-03 14:56 50176 c:\windows\system32\xmlprovi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 30720 c:\windows\system32\xcopy.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 30720 c:\windows\system32\xcopy.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 91648 c:\windows\system32\xactsrv.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 91648 c:\windows\system32\xactsrv.dll
+ 2002-08-29 03:41 . 2008-04-13 18:42 52736 c:\windows\system32\wzcsapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 18432 c:\windows\system32\wtsapi32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 18432 c:\windows\system32\wtsapi32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 50688 c:\windows\system32\wstdecod.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 50688 c:\windows\system32\wstdecod.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 22528 c:\windows\system32\wsock32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 22528 c:\windows\system32\wsock32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 41984 c:\windows\system32\wsnmp32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 19456 c:\windows\system32\wshtcpip.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 11264 c:\windows\system32\wshrm.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 14336 c:\windows\system32\wship6.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 14336 c:\windows\system32\wship6.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 90112 c:\windows\system32\wshext.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 36864 c:\windows\system32\wshcon.dll
+ 2005-05-03 12:59 . 2008-04-13 18:42 80896 c:\windows\system32\wscsvc.dll
- 2005-05-03 12:59 . 2004-08-03 14:56 13824 c:\windows\system32\wscntfy.exe
+ 2005-05-03 12:59 . 2008-04-13 18:42 13824 c:\windows\system32\wscntfy.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 19968 c:\windows\system32\ws2help.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 19968 c:\windows\system32\ws2help.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 82432 c:\windows\system32\ws2_32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 11264 c:\windows\system32\wpnpinst.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 32256 c:\windows\system32\wpabaln.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 32256 c:\windows\system32\wpabaln.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 92672 c:\windows\system32\wlnotify.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 92672 c:\windows\system32\wlnotify.dll
+ 2005-05-12 07:53 . 2008-04-13 18:42 69120 c:\windows\system32\wlanapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 53760 c:\windows\system32\winsta.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 53760 c:\windows\system32\winsta.dll
- 2005-05-03 12:59 . 2004-08-03 14:56 17408 c:\windows\system32\winshfhc.dll
+ 2005-05-03 12:59 . 2008-04-13 18:42 17408 c:\windows\system32\winshfhc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 99328 c:\windows\system32\winscard.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 99328 c:\windows\system32\winscard.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 16896 c:\windows\system32\winrnr.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 16896 c:\windows\system32\winrnr.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 32256 c:\windows\system32\winipsec.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 75776 c:\windows\system32\wiascr.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 75776 c:\windows\system32\wiascr.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 65024 c:\windows\system32\wextract.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 68096 c:\windows\system32\webclnt.dll
- 2002-08-29 12:00 . 2006-01-04 03:35 68096 c:\windows\system32\webclnt.dll
+ 2001-08-17 22:37 . 2008-04-13 18:42 23552 c:\windows\system32\wdmaud.drv
- 2001-08-17 22:37 . 2004-08-03 13:56 23552 c:\windows\system32\wdmaud.drv
+ 2002-08-29 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 95232 c:\windows\system32\wbem\wmiutils.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 95232 c:\windows\system32\wbem\wmiutils.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 41472 c:\windows\system32\wbem\wmipsess.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 41472 c:\windows\system32\wbem\wmipsess.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 62464 c:\windows\system32\wbem\wmipjobj.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 61952 c:\windows\system32\wbem\wmipiprt.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 60928 c:\windows\system32\wbem\wmicookr.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 60928 c:\windows\system32\wbem\wmicookr.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 88576 c:\windows\system32\wbem\wmiaprpl.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 43520 c:\windows\system32\wbem\wbemsvc.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 43520 c:\windows\system32\wbem\wbemsvc.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 18944 c:\windows\system32\wbem\wbemprox.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 18944 c:\windows\system32\wbem\wbemprox.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 71680 c:\windows\system32\wbem\wbemcons.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 71680 c:\windows\system32\wbem\wbemcons.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 86528 c:\windows\system32\wbem\stdprov.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 86528 c:\windows\system32\wbem\stdprov.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 36352 c:\windows\system32\wbem\scrcons.exe
- 2004-09-11 19:38 . 2004-08-03 14:56 92672 c:\windows\system32\wbem\policman.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 92672 c:\windows\system32\wbem\policman.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 47104 c:\windows\system32\wbem\ncprov.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 47104 c:\windows\system32\wbem\ncprov.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 16384 c:\windows\system32\wbem\mofcomp.exe
- 2004-09-11 19:38 . 2004-08-03 14:56 16384 c:\windows\system32\wbem\mofcomp.exe
- 2004-09-11 19:38 . 2004-08-03 14:56 24576 c:\windows\system32\wbem\krnlprov.dll
+ 2004-09-11 19:38 . 2008-04-13 18:41 24576 c:\windows\system32\wbem\krnlprov.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 21504 c:\windows\system32\wbem\evntrprv.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 45056 c:\windows\system32\wbem\cmdevtgprov.dll
+ 2002-08-29 12:00 . 2008-04-13 13:15 17664 c:\windows\system32\watchdog.sys
- 2002-08-29 12:00 . 2004-08-03 13:07 17664 c:\windows\system32\watchdog.sys
- 2005-05-03 12:59 . 2004-08-03 14:56 15872 c:\windows\system32\w3ssl.dll
+ 2005-05-03 12:59 . 2008-04-13 18:42 15872 c:\windows\system32\w3ssl.dll
+ 2008-05-29 08:42 . 2008-04-13 18:42 53760 c:\windows\system32\vfwwdm32.dll
- 2008-05-29 08:42 . 2004-08-03 13:56 53760 c:\windows\system32\vfwwdm32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 18944 c:\windows\system32\version.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 18944 c:\windows\system32\version.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 26624 c:\windows\system32\verifier.dll
+ 2006-03-17 00:38 . 2008-04-13 18:42 28672 c:\windows\system32\verclsid.exe
- 2006-03-17 00:38 . 2006-03-17 00:38 28672 c:\windows\system32\verclsid.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 51712 c:\windows\system32\vdmredir.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 51712 c:\windows\system32\vdmredir.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 26112 c:\windows\system32\vdmdbg.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 26112 c:\windows\system32\vdmdbg.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 30749 c:\windows\system32\vbajet32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 30749 c:\windows\system32\vbajet32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 50176 c:\windows\system32\utilman.exe
- 2002-08-29 12:00 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 19968 c:\windows\system32\usmt\log.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 19968 c:\windows\system32\usmt\log.dll
+ 2010-01-20 03:39 . 2008-04-13 11:14 17920 c:\windows\system32\usmt\cobramsg.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 26112 c:\windows\system32\userinit.exe
- 2001-08-17 22:36 . 2004-08-03 14:56 74240 c:\windows\system32\usbui.dll
+ 2001-08-17 22:36 . 2008-04-13 18:42 74240 c:\windows\system32\usbui.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 16896 c:\windows\system32\usbmon.dll
 
- 2002-08-29 12:00 . 2004-08-03 14:56 16896 c:\windows\system32\usbmon.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 18432 c:\windows\system32\ups.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 18432 c:\windows\system32\ups.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 16896 c:\windows\system32\upnpcont.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 16896 c:\windows\system32\upnpcont.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 13824 c:\windows\system32\uniplat.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 13824 c:\windows\system32\uniplat.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 74240 c:\windows\system32\unimdmat.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 74240 c:\windows\system32\unimdmat.dll
- 2005-05-03 12:59 . 2004-08-03 13:04 76288 c:\windows\system32\uniime.dll
+ 2005-05-03 12:59 . 2008-04-13 18:41 76288 c:\windows\system32\uniime.dll
- 2002-08-29 12:00 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 35840 c:\windows\system32\umandlg.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 26624 c:\windows\system32\udhisapi.dll
+ 2005-05-03 12:59 . 2008-04-13 18:42 57856 c:\windows\system32\twext.dll
+ 2010-01-20 03:39 . 2008-04-13 18:42 50688 c:\windows\system32\tspkg.dll
+ 2010-01-20 03:39 . 2008-04-13 18:42 53248 c:\windows\system32\tsgqec.dll
+ 2002-08-29 12:00 . 2008-04-13 18:43 12168 c:\windows\system32\tsddd.dll
- 2002-08-29 12:00 . 2004-08-03 15:01 12168 c:\windows\system32\tsddd.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 93696 c:\windows\system32\tscfgwmi.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 93696 c:\windows\system32\tscfgwmi.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 90112 c:\windows\system32\trkwks.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 12800 c:\windows\system32\tree.com
+ 2002-08-29 12:00 . 2008-04-13 18:42 12288 c:\windows\system32\tracert.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 12288 c:\windows\system32\tracert.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 73216 c:\windows\system32\tlntsvr.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 73216 c:\windows\system32\tlntsvr.exe
+ 2002-08-29 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
- 2002-08-29 12:00 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 61440 c:\windows\system32\tlntadmn.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 61440 c:\windows\system32\tlntadmn.exe
- 2002-08-29 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2002-08-29 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 45568 c:\windows\system32\tcpmonui.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 45568 c:\windows\system32\tcpmonui.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 45568 c:\windows\system32\tcpmon.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 45568 c:\windows\system32\tcpmon.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 14848 c:\windows\system32\tcpmib.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 14848 c:\windows\system32\tcpmib.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 77824 c:\windows\system32\tasklist.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 76288 c:\windows\system32\taskkill.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 71680 c:\windows\system32\systeminfo.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 57856 c:\windows\system32\synceng.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 57856 c:\windows\system32\synceng.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 14336 c:\windows\system32\svchost.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 14336 c:\windows\system32\svchost.exe
- 2005-05-03 12:59 . 2009-10-21 06:00 75776 c:\windows\system32\strmfilt.dll
+ 2005-05-03 12:59 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
+ 2004-09-12 05:07 . 2008-04-13 18:42 74752 c:\windows\system32\storprop.dll
- 2004-09-12 05:07 . 2004-08-03 14:56 74752 c:\windows\system32\storprop.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 14848 c:\windows\system32\stimon.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 14848 c:\windows\system32\stimon.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 68096 c:\windows\system32\sti.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 59392 c:\windows\system32\stclient.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 14336 c:\windows\system32\ssstars.scr
- 2002-08-29 12:00 . 2004-08-03 14:56 14336 c:\windows\system32\ssstars.scr
- 2002-08-29 12:00 . 2004-08-03 14:56 18944 c:\windows\system32\ssmyst.scr
+ 2002-08-29 12:00 . 2008-04-13 18:42 18944 c:\windows\system32\ssmyst.scr
+ 2002-08-29 12:00 . 2008-04-13 18:42 47104 c:\windows\system32\ssmypics.scr
- 2002-08-29 12:00 . 2004-08-03 14:56 47104 c:\windows\system32\ssmypics.scr
- 2002-08-29 12:00 . 2004-08-03 14:56 20992 c:\windows\system32\ssmarque.scr
+ 2002-08-29 12:00 . 2008-04-13 18:42 20992 c:\windows\system32\ssmarque.scr
+ 2002-08-29 12:00 . 2008-04-13 18:42 71680 c:\windows\system32\ssdpsrv.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 71680 c:\windows\system32\ssdpsrv.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 34816 c:\windows\system32\ssdpapi.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 34816 c:\windows\system32\ssdpapi.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 19968 c:\windows\system32\ssbezier.scr
- 2002-08-29 12:00 . 2004-08-03 14:56 19968 c:\windows\system32\ssbezier.scr
- 2002-08-29 12:00 . 2004-12-07 19:32 96768 c:\windows\system32\srvsvc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 96768 c:\windows\system32\srvsvc.dll
+ 2004-09-11 19:40 . 2008-04-13 18:42 67584 c:\windows\system32\srclient.dll
- 2004-09-11 19:40 . 2004-08-03 14:56 67584 c:\windows\system32\srclient.dll
+ 2004-08-03 14:56 . 2008-04-13 18:42 20992 c:\windows\system32\spupdwxp.exe
- 2002-08-29 12:00 . 2005-06-10 23:53 57856 c:\windows\system32\spoolsv.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 57856 c:\windows\system32\spoolsv.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 75264 c:\windows\system32\spoolss.dll
+ 2004-08-03 14:56 . 2008-04-13 18:42 11264 c:\windows\system32\spnpinst.exe
- 2002-08-29 12:00 . 2004-08-03 12:59 12800 c:\windows\system32\spiisupd.exe
+ 2002-08-29 12:00 . 2008-04-13 13:13 12800 c:\windows\system32\spiisupd.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 24576 c:\windows\system32\sort.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 18944 c:\windows\system32\snmpapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 18944 c:\windows\system32\snmpapi.dll
+ 2010-01-20 03:40 . 2008-04-13 18:42 10752 c:\windows\system32\smtpapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 50688 c:\windows\system32\smss.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 50688 c:\windows\system32\smss.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 89600 c:\windows\system32\smlogsvc.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 89600 c:\windows\system32\smlogsvc.exe
- 2005-05-03 12:59 . 2004-08-03 14:56 73796 c:\windows\system32\slserv.exe
+ 2005-05-03 12:59 . 2008-04-13 18:42 73796 c:\windows\system32\slserv.exe
+ 2005-05-03 12:59 . 2008-04-13 18:42 32866 c:\windows\system32\slrundll.exe
- 2005-05-03 12:59 . 2004-08-03 14:56 32866 c:\windows\system32\slrundll.exe
+ 2005-05-03 12:59 . 2008-04-13 18:42 73832 c:\windows\system32\slcoinst.dll
- 2005-05-03 12:59 . 2004-08-03 14:56 73832 c:\windows\system32\slcoinst.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 98304 c:\windows\system32\slbiop.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 98304 c:\windows\system32\slbiop.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 25088 c:\windows\system32\slayerxp.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 25088 c:\windows\system32\slayerxp.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 26112 c:\windows\system32\skeys.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 26112 c:\windows\system32\skeys.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 70144 c:\windows\system32\sigverif.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 70144 c:\windows\system32\sigverif.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 13312 c:\windows\system32\sigtab.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 13312 c:\windows\system32\sigtab.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 19456 c:\windows\system32\shutdown.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 19456 c:\windows\system32\shutdown.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 27648 c:\windows\system32\shscrap.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 27648 c:\windows\system32\shscrap.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 77824 c:\windows\system32\shrpubw.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 77824 c:\windows\system32\shrpubw.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 45056 c:\windows\system32\shmgrate.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 65024 c:\windows\system32\shimeng.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 68096 c:\windows\system32\shgina.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 68096 c:\windows\system32\shgina.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 25088 c:\windows\system32\shfolder.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 25088 c:\windows\system32\shfolder.dll
+ 2010-01-20 03:39 . 2008-04-13 18:42 32768 c:\windows\system32\setupn.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 33792 c:\windows\system32\Setup\tabletoc.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 33792 c:\windows\system32\Setup\tabletoc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 17408 c:\windows\system32\Setup\ocmsn.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 17408 c:\windows\system32\Setup\ocmsn.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 15360 c:\windows\system32\Setup\ocgen.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 62976 c:\windows\system32\Setup\ntoc.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 62976 c:\windows\system32\Setup\ntoc.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 77312 c:\windows\system32\Setup\netoc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 77312 c:\windows\system32\Setup\netoc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 15360 c:\windows\system32\Setup\msgrocm.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 15360 c:\windows\system32\Setup\msgrocm.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 90112 c:\windows\system32\Setup\msdtcstp.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 16896 c:\windows\system32\Setup\medctroc.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 16896 c:\windows\system32\Setup\medctroc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 32828 c:\windows\system32\Setup\fp40ext.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 32828 c:\windows\system32\Setup\fp40ext.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 23040 c:\windows\system32\setup.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 23040 c:\windows\system32\setup.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 31232 c:\windows\system32\sethc.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 31232 c:\windows\system32\sethc.exe
- 2004-09-11 19:38 . 2004-08-03 14:56 56320 c:\windows\system32\servdeps.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 56320 c:\windows\system32\servdeps.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 39424 c:\windows\system32\sens.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 54784 c:\windows\system32\sendmail.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 29184 c:\windows\system32\sendcmsg.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 29184 c:\windows\system32\sendcmsg.dll
+ 2002-08-29 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 18944 c:\windows\system32\seclogon.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 18944 c:\windows\system32\seclogon.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 18944 c:\windows\system32\secedit.exe
+ 2005-05-03 12:59 . 2008-04-13 18:42 29184 c:\windows\system32\sdhcinst.dll
- 2005-05-03 12:59 . 2004-08-03 14:56 29184 c:\windows\system32\sdhcinst.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 77312 c:\windows\system32\sdbinst.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 77312 c:\windows\system32\sdbinst.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 20480 c:\windows\system32\sclgntfy.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 95744 c:\windows\system32\scardsvr.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 95744 c:\windows\system32\scardsvr.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 69632 c:\windows\system32\scarddlg.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 69632 c:\windows\system32\scarddlg.dll
+ 2002-08-29 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
- 2002-08-29 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 13312 c:\windows\system32\savedump.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 13312 c:\windows\system32\savedump.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 64000 c:\windows\system32\samlib.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 64000 c:\windows\system32\samlib.dll
+ 2004-09-11 19:41 . 2008-04-13 18:42 45568 c:\windows\system32\safrslv.dll
- 2004-09-11 19:41 . 2004-08-03 14:56 45568 c:\windows\system32\safrslv.dll
+ 2004-09-11 19:41 . 2008-04-13 18:42 29696 c:\windows\system32\safrdm.dll
- 2004-09-11 19:41 . 2004-08-03 14:56 29696 c:\windows\system32\safrdm.dll
+ 2004-09-11 19:41 . 2008-04-13 18:42 43520 c:\windows\system32\safrcdlg.dll
- 2004-09-11 19:41 . 2004-08-03 14:56 43520 c:\windows\system32\safrcdlg.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 14336 c:\windows\system32\runonce.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 14336 c:\windows\system32\runonce.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 33280 c:\windows\system32\rundll32.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 33280 c:\windows\system32\rundll32.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 44032 c:\windows\system32\rtutils.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 44032 c:\windows\system32\rtutils.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 31744 c:\windows\system32\rtipxmib.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 31744 c:\windows\system32\rtipxmib.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 77312 c:\windows\system32\rtcshare.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 77312 c:\windows\system32\rtcshare.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 92672 c:\windows\system32\rsvpsp.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 18944 c:\windows\system32\rsmps.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 18944 c:\windows\system32\rsmps.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 39936 c:\windows\system32\rshx32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 39936 c:\windows\system32\rshx32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 14848 c:\windows\system32\rsh.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 14848 c:\windows\system32\rsh.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 13824 c:\windows\system32\rexec.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 13824 c:\windows\system32\rexec.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 58880 c:\windows\system32\resutils.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 58880 c:\windows\system32\resutils.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 60416 c:\windows\system32\remotepg.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 60416 c:\windows\system32\remotepg.dll
+ 2010-01-20 03:11 . 2004-08-03 12:59 36096 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\intelppm.sys
+ 2010-01-20 03:10 . 2004-08-03 12:59 37376 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\amdk7.sys
- 2002-08-29 12:00 . 2004-08-03 14:56 11776 c:\windows\system32\regsvr32.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 11776 c:\windows\system32\regsvr32.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 59904 c:\windows\system32\regsvc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 59904 c:\windows\system32\regsvc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 49664 c:\windows\system32\regapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 49664 c:\windows\system32\regapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 50176 c:\windows\system32\reg.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 50176 c:\windows\system32\reg.exe
+ 2004-09-11 19:38 . 2008-04-13 18:42 67072 c:\windows\system32\rdshost.exe
- 2004-09-11 19:38 . 2004-08-03 14:56 67072 c:\windows\system32\rdshost.exe
+ 2004-09-11 19:38 . 2008-04-13 18:42 13824 c:\windows\system32\rdsaddin.exe
- 2004-09-11 19:38 . 2004-08-03 14:56 13824 c:\windows\system32\rdsaddin.exe
- 2004-09-11 19:38 . 2004-08-03 15:01 87176 c:\windows\system32\rdpwsx.dll
+ 2004-09-11 19:38 . 2008-04-13 18:43 87176 c:\windows\system32\rdpwsx.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 19968 c:\windows\system32\rdpsnd.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 19968 c:\windows\system32\rdpsnd.dll
+ 2002-08-29 12:00 . 2008-04-13 18:43 92424 c:\windows\system32\rdpdd.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 62976 c:\windows\system32\rdpclip.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 21504 c:\windows\system32\rcp.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 21504 c:\windows\system32\rcp.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 35840 c:\windows\system32\rcimlby.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 35840 c:\windows\system32\rcimlby.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 58368 c:\windows\system32\rastapi.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 16384 c:\windows\system32\rassapi.dll
+ 2010-01-20 03:39 . 2008-04-13 18:42 61952 c:\windows\system32\rasqec.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 56832 c:\windows\system32\rasphone.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 56832 c:\windows\system32\rasphone.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 61440 c:\windows\system32\rasman.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 61440 c:\windows\system32\rasman.dll
+ 2002-08-29 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 88576 c:\windows\system32\rasauto.dll
- 2004-09-11 19:41 . 2004-08-03 14:56 43520 c:\windows\system32\racpldlg.dll
+ 2004-09-11 19:41 . 2008-04-13 18:42 43520 c:\windows\system32\racpldlg.dll
+ 2010-01-20 03:39 . 2008-04-13 18:42 76800 c:\windows\system32\qutil.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 19968 c:\windows\system32\qprocess.exe
+ 2004-09-11 19:40 . 2008-04-13 18:42 18944 c:\windows\system32\qmgrprxy.dll
- 2004-09-11 19:40 . 2004-08-03 14:56 18944 c:\windows\system32\qmgrprxy.dll
+ 2010-01-20 03:39 . 2008-04-13 18:42 62464 c:\windows\system32\qcliprov.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 34304 c:\windows\system32\pstorsvc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 34304 c:\windows\system32\pstorsvc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 43520 c:\windows\system32\pstorec.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 43520 c:\windows\system32\pstorec.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 96768 c:\windows\system32\psbase.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 96768 c:\windows\system32\psbase.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 23040 c:\windows\system32\psapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 23040 c:\windows\system32\psapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 50176 c:\windows\system32\proquota.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 50176 c:\windows\system32\proquota.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 27648 c:\windows\system32\profmap.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 27648 c:\windows\system32\profmap.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 17408 c:\windows\system32\powrprof.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 17408 c:\windows\system32\powrprof.dll
+ 2005-05-03 12:59 . 2008-04-13 18:42 49152 c:\windows\system32\powercfg.exe
- 2005-05-03 12:59 . 2004-08-03 14:56 49152 c:\windows\system32\powercfg.exe
+ 2005-05-03 12:59 . 2008-04-13 18:42 58880 c:\windows\system32\pnrpnsp.dll
+ 2001-08-17 22:36 . 2008-04-13 18:42 15360 c:\windows\system32\pjlmon.dll
- 2001-08-17 22:36 . 2004-08-03 14:56 15360 c:\windows\system32\pjlmon.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 17920 c:\windows\system32\ping.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 17920 c:\windows\system32\ping.exe
+ 2002-08-29 12:00 . 2008-04-13 18:39 24064 c:\windows\system32\pidgen.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 24064 c:\windows\system32\pidgen.dll
+ 2002-08-29 03:41 . 2008-04-13 18:42 35328 c:\windows\system32\pid.dll
- 2002-08-29 03:41 . 2004-08-03 14:56 35328 c:\windows\system32\pid.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 34816 c:\windows\system32\perfproc.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 34816 c:\windows\system32\perfproc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 25088 c:\windows\system32\perfos.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 25088 c:\windows\system32\perfos.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 17920 c:\windows\system32\perfnet.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 15872 c:\windows\system32\perfmon.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 15872 c:\windows\system32\perfmon.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 26624 c:\windows\system32\perfdisk.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 26624 c:\windows\system32\perfdisk.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 39936 c:\windows\system32\perfctrs.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 39936 c:\windows\system32\perfctrs.dll
+ 2002-08-29 12:00 . 2010-01-20 08:39 92790 c:\windows\system32\perfc009.dat
- 2002-08-29 12:00 . 2010-01-04 11:59 92790 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2008-04-13 18:42 67584 c:\windows\system32\pautoenr.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 58368 c:\windows\system32\packager.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 58368 c:\windows\system32\packager.exe
 
+ 2002-08-29 12:00 . 2008-04-13 18:42 67584 c:\windows\system32\osuninst.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 67584 c:\windows\system32\osuninst.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 67584 c:\windows\system32\openfiles.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 67584 c:\windows\system32\openfiles.exe
+ 2004-09-11 19:40 . 2008-04-13 18:42 51200 c:\windows\system32\oobe\oobebaln.exe
- 2004-09-11 19:40 . 2004-08-03 14:56 51200 c:\windows\system32\oobe\oobebaln.exe
+ 2004-09-11 19:41 . 2008-04-13 18:42 29184 c:\windows\system32\oobe\msoobe.exe
+ 2004-09-11 19:41 . 2008-04-13 18:42 19456 c:\windows\system32\oobe\msobweb.dll
- 2004-09-11 19:41 . 2004-08-03 14:56 30720 c:\windows\system32\oobe\msobshel.dll
+ 2004-09-11 19:41 . 2008-04-13 18:42 30720 c:\windows\system32\oobe\msobshel.dll
- 2004-09-11 19:41 . 2004-08-03 14:56 16384 c:\windows\system32\oobe\msobdl.dll
+ 2004-09-11 19:41 . 2008-04-13 18:42 16384 c:\windows\system32\oobe\msobdl.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 84992 c:\windows\system32\olepro32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 37376 c:\windows\system32\olecnv32.dll
- 2002-08-29 12:00 . 2005-07-26 04:39 74752 c:\windows\system32\olecli32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 74752 c:\windows\system32\olecli32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 20511 c:\windows\system32\odtext32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 20511 c:\windows\system32\odtext32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 20510 c:\windows\system32\odpdx32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 20510 c:\windows\system32\odpdx32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 20510 c:\windows\system32\odfox32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 20510 c:\windows\system32\odfox32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 20510 c:\windows\system32\odexl32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 20510 c:\windows\system32\odexl32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 20511 c:\windows\system32\oddbse32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 20511 c:\windows\system32\oddbse32.dll
+ 2002-08-29 12:00 . 2008-04-13 11:56 12288 c:\windows\system32\odbcp32r.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 12288 c:\windows\system32\odbcp32r.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 53279 c:\windows\system32\odbcji32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:40 53279 c:\windows\system32\odbcji32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 94208 c:\windows\system32\odbcint.dll
+ 2002-08-29 12:00 . 2008-04-13 11:56 94208 c:\windows\system32\odbcint.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 65536 c:\windows\system32\odbccu32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 65536 c:\windows\system32\odbccu32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 65536 c:\windows\system32\odbccr32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 65536 c:\windows\system32\odbccr32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 69632 c:\windows\system32\odbcconf.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 69632 c:\windows\system32\odbcconf.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 24576 c:\windows\system32\odbcbcp.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 24576 c:\windows\system32\odbcbcp.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 32768 c:\windows\system32\odbcad32.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 32768 c:\windows\system32\odbcad32.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 16384 c:\windows\system32\odbc32gt.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 16384 c:\windows\system32\odbc32gt.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 67584 c:\windows\system32\ocmanage.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 65536 c:\windows\system32\nwwks.dll
- 2002-08-29 12:00 . 2006-10-13 12:35 65536 c:\windows\system32\nwwks.dll
- 2002-08-29 12:00 . 2006-10-13 12:35 64000 c:\windows\system32\nwapi32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 64000 c:\windows\system32\nwapi32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 15360 c:\windows\system32\ntvdmd.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 91136 c:\windows\system32\ntprint.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 91136 c:\windows\system32\ntprint.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 40960 c:\windows\system32\ntmsapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 40960 c:\windows\system32\ntmsapi.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 44032 c:\windows\system32\ntlanman.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 67072 c:\windows\system32\ntdsapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 67072 c:\windows\system32\ntdsapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 76800 c:\windows\system32\nslookup.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 76800 c:\windows\system32\nslookup.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 54784 c:\windows\system32\npptools.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 54784 c:\windows\system32\npptools.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 15360 c:\windows\system32\npp\nppagent.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 15360 c:\windows\system32\npp\nppagent.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 57344 c:\windows\system32\npp\ndisnpp.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 57344 c:\windows\system32\npp\ndisnpp.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 69120 c:\windows\system32\notepad.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 69120 c:\windows\system32\notepad.exe
+ 2004-09-11 19:40 . 2008-04-13 18:42 28672 c:\windows\system32\nmmkcert.dll
- 2004-09-11 19:40 . 2004-08-03 14:56 28672 c:\windows\system32\nmmkcert.dll
+ 2002-08-29 12:00 . 2008-03-07 17:02 98304 c:\windows\system32\nlhtml.dll
- 2002-08-29 12:00 . 2008-03-07 16:56 98304 c:\windows\system32\nlhtml.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 80896 c:\windows\system32\netui0.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 80896 c:\windows\system32\netui0.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 36864 c:\windows\system32\netstat.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 36864 c:\windows\system32\netstat.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 86016 c:\windows\system32\netsh.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 86016 c:\windows\system32\netsh.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 11776 c:\windows\system32\netrap.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 42496 c:\windows\system32\net.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 42496 c:\windows\system32\net.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 18944 c:\windows\system32\nddenb32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 18944 c:\windows\system32\nddenb32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 17920 c:\windows\system32\nddeapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 17920 c:\windows\system32\nddeapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 36352 c:\windows\system32\ncobjapi.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 36352 c:\windows\system32\ncobjapi.dll
- 2002-08-29 12:00 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 53760 c:\windows\system32\narrator.exe
+ 2010-01-20 03:39 . 2008-04-13 18:42 30208 c:\windows\system32\napipsec.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 90624 c:\windows\system32\mydocs.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 90624 c:\windows\system32\mydocs.dll
+ 2004-09-11 19:38 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-09-11 19:38 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 34304 c:\windows\system32\mtxlegih.dll
+ 2004-09-11 19:38 . 2008-04-13 18:42 30720 c:\windows\system32\mtxdm.dll
- 2002-08-29 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2002-08-29 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
+ 2001-08-17 22:36 . 2008-04-13 18:42 16896 c:\windows\system32\msyuv.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 72704 c:\windows\system32\msw3prt.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 72704 c:\windows\system32\msw3prt.dll
- 2002-08-29 12:00 . 2004-08-03 12:58 61440 c:\windows\system32\msvcrt40.dll
+ 2002-08-29 12:00 . 2008-04-13 13:00 61440 c:\windows\system32\msvcrt40.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 57344 c:\windows\system32\msvcirt.dll
+ 2004-09-11 19:40 . 2008-04-13 18:42 12288 c:\windows\system32\mstinit.exe
- 2004-09-11 19:40 . 2004-08-03 14:56 12288 c:\windows\system32\mstinit.exe
+ 2010-01-20 03:39 . 2008-04-13 12:45 76800 c:\windows\system32\msshavmsg.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 11264 c:\windows\system32\msrle32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 11264 c:\windows\system32\msrle32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 48128 c:\windows\system32\msprivs.dll
+ 2002-08-29 12:00 . 2008-04-13 10:53 48128 c:\windows\system32\msprivs.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 29696 c:\windows\system32\mspatcha.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 20480 c:\windows\system32\msorc32r.dll
+ 2002-08-29 12:00 . 2008-04-13 11:54 20480 c:\windows\system32\msorc32r.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 25088 c:\windows\system32\mslbui.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 25088 c:\windows\system32\mslbui.dll
- 2002-08-29 12:00 . 2005-05-04 04:45 15360 c:\windows\system32\msisip.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 15360 c:\windows\system32\msisip.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 40960 c:\windows\system32\msiregmv.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 40960 c:\windows\system32\msiregmv.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 78848 c:\windows\system32\msiexec.exe
- 2002-08-29 12:00 . 2005-05-04 04:45 78848 c:\windows\system32\msiexec.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 51712 c:\windows\system32\msident.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 51712 c:\windows\system32\msident.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 33792 c:\windows\system32\msgsvc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 33792 c:\windows\system32\msgsvc.dll
- 2004-09-11 19:38 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2004-09-11 19:38 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 14336 c:\windows\system32\msdmo.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 14336 c:\windows\system32\msdmo.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 68608 c:\windows\system32\msctfp.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 36864 c:\windows\system32\mscpxl32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 36864 c:\windows\system32\mscpxl32.dll
+ 2002-08-29 12:00 . 2008-04-13 11:56 12288 c:\windows\system32\mscpx32r.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 12288 c:\windows\system32\mscpx32r.dll
+ 2004-09-11 19:40 . 2008-04-13 18:42 69632 c:\windows\system32\msconf.dll
- 2004-09-11 19:40 . 2004-08-03 14:56 69632 c:\windows\system32\msconf.dll
- 2002-08-29 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2002-08-29 12:00 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll
- 2002-08-29 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
+ 2002-08-29 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 86016 c:\windows\system32\msapsspc.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 86016 c:\windows\system32\msapsspc.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 71680 c:\windows\system32\msacm32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 71680 c:\windows\system32\msacm32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 89088 c:\windows\system32\mqlogmgr.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 89088 c:\windows\system32\mqlogmgr.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 53248 c:\windows\system32\mprdim.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 87040 c:\windows\system32\mprapi.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 87040 c:\windows\system32\mprapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 59904 c:\windows\system32\mpr.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 59904 c:\windows\system32\mpr.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 16896 c:\windows\system32\more.com
- 2004-09-11 19:40 . 2004-08-03 14:56 32768 c:\windows\system32\mnmsrvc.exe
+ 2004-09-11 19:40 . 2008-04-13 18:42 32768 c:\windows\system32\mnmsrvc.exe
+ 2004-09-11 19:40 . 2008-04-13 18:41 34560 c:\windows\system32\mnmdd.dll
- 2004-09-11 19:40 . 2004-08-03 14:56 34560 c:\windows\system32\mnmdd.dll
+ 2004-09-11 19:38 . 2008-04-13 18:41 17408 c:\windows\system32\mmfutil.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 17408 c:\windows\system32\mmfutil.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 61440 c:\windows\system32\mmcshext.dll
+ 2010-01-20 03:39 . 2008-04-13 18:42 33792 c:\windows\system32\mmcperf.exe
+ 2002-08-29 12:00 . 2008-03-07 17:02 29696 c:\windows\system32\mimefilt.dll
- 2002-08-29 12:00 . 2008-03-07 16:56 29696 c:\windows\system32\mimefilt.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 60928 c:\windows\system32\miglibnt.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 60928 c:\windows\system32\miglibnt.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 18944 c:\windows\system32\midimap.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 18944 c:\windows\system32\midimap.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 14848 c:\windows\system32\mgmtapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 14848 c:\windows\system32\mgmtapi.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 22528 c:\windows\system32\mfcsubs.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 22528 c:\windows\system32\mfcsubs.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 40960 c:\windows\system32\mf3216.dll
- 2002-08-29 12:00 . 2007-03-08 15:36 40960 c:\windows\system32\mf3216.dll
- 2005-05-03 12:59 . 2004-08-03 14:56 86016 c:\windows\system32\mdmxsdk.dll
+ 2005-05-03 12:59 . 2008-04-13 18:41 86016 c:\windows\system32\mdmxsdk.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 23552 c:\windows\system32\mciwave.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 23552 c:\windows\system32\mciwave.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 23040 c:\windows\system32\mciseq.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 23040 c:\windows\system32\mciseq.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 35328 c:\windows\system32\mciqtz32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 35328 c:\windows\system32\mciqtz32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 84480 c:\windows\system32\mciavi32.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 84480 c:\windows\system32\mciavi32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 14336 c:\windows\system32\mcastmib.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 57344 c:\windows\system32\makecab.exe
- 2002-08-29 12:00 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 72704 c:\windows\system32\magnify.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 13312 c:\windows\system32\lsass.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 13312 c:\windows\system32\lsass.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 10240 c:\windows\system32\lprhelp.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 10240 c:\windows\system32\lprhelp.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 22016 c:\windows\system32\lpk.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 22016 c:\windows\system32\lpk.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 59392 c:\windows\system32\logman.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 59392 c:\windows\system32\logman.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 75264 c:\windows\system32\locator.exe
- 2002-08-29 12:00 . 2004-08-03 14:56 75264 c:\windows\system32\locator.exe
+ 2002-08-29 12:00 . 2008-04-13 18:41 11776 c:\windows\system32\localui.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 11776 c:\windows\system32\localui.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 97280 c:\windows\system32\loadperf.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 97280 c:\windows\system32\loadperf.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 13824 c:\windows\system32\lmhsvc.dll
- 2002-08-29 12:00 . 2004-08-03 14:56 13824 c:\windows\system32\lmhsvc.dll
- 2002-08-29 12:00 . 2005-09-01 01:41 19968 c:\windows\system32\linkinfo.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 19968 c:\windows\system32\linkinfo.dll
+ 2004-09-11 19:38 . 2008-04-13 18:41 58880 c:\windows\system32\licwmi.dll
- 2004-09-11 19:38 . 2004-08-03 14:56 58880 c:\windows\system32\licwmi.dll
 
i don't mean to sound complacent but there must be 1000 000 characters in the combofix log and only 30 000 permitted per post which makes it hard to copy paste everything over 30 separate posts, i'll still do it though if that's the only option, i just feel i'd be inconveniencing you-
 
You don't by chance have show hidden files and folders enabled, do you? That could be why your log is so long. Get past the point where you are now and just post the balance of the log from "reg loading points" to the end.
 
Until I see the rest of your log, there is one fix I see that needs to be done.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
File::
c:\windows\wpd99.drv

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Are you by chance using group policy for anything?
 
i'm not aware if group policy is on or not, i don't believe i have that, though sometimes i'm denied access to deleting a file (some useless file).
i've performed the combofix CFScript.txt

when you wrote hidden files and folders enabled you mean
folder>tools>folder options>view tab> show hidden files & folders? it's set to do not show-





ComboFix 10-01-20.05 - owner 21/01/2010 19:21:45.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.698 [GMT 11:00]
Running from: c:\documents and settings\owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Java\jre6\bin\jucheck.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 07:27 . 2010-01-20 07:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-20 03:43 . 2010-01-20 07:26 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-01-20 03:41 . 2008-04-13 11:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-01-20 03:41 . 2009-07-30 23:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-01-20 03:41 . 2008-04-13 11:57 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-20 03:41 . 2008-04-13 18:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-01-20 03:39 . 2008-04-13 18:41 59392 ------w- c:\windows\system32\eapqec.dll
2010-01-20 03:18 . 2008-04-13 11:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-01-20 03:18 . 2008-04-13 13:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-01-20 03:17 . 2008-04-13 13:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-16 04:25 . 2010-01-16 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-15 18:33 . 2010-01-15 18:33 388096 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 18:33 . 2010-01-15 18:33 -------- d-----w- c:\program files\TrendMicro
2010-01-15 12:16 . 2009-11-04 05:49 635664 ----a-w- c:\documents and settings\owner\Application Data\IObit\Common\TB_Helper.exe
2010-01-15 07:25 . 2010-01-15 07:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-15 06:54 . 2010-01-15 06:54 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2010-01-15 06:48 . 2010-01-15 06:48 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2010-01-15 06:23 . 2010-01-15 06:23 -------- d-----w- c:\windows\ie8updates
2010-01-15 06:12 . 2010-01-15 06:20 -------- dc-h--w- c:\windows\ie8
2010-01-15 05:56 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-15 05:56 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-15 05:55 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-14 19:30 . 2010-01-14 19:30 48 ----a-w- c:\windows\wpd99.drv
2010-01-13 09:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 11:09 . 2010-01-07 11:32 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Temp
2010-01-04 11:55 . 2010-01-04 11:55 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-01-02 19:16 . 2010-01-02 19:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-02 18:19 . 2010-01-02 18:19 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-01-01 05:56 . 2010-01-01 05:56 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0001.dat.drv
2009-12-28 15:14 . 2009-12-28 15:14 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-28 15:14 . 2009-12-28 15:14 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-28 14:51 . 2009-12-28 14:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-28 14:51 . 2009-12-28 14:51 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-28 14:46 . 2010-01-21 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-28 14:46 . 2009-12-28 14:46 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-28 14:34 . 2009-12-28 14:34 -------- d--h--w- c:\windows\PIF
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-28 09:01 . 2009-12-28 09:01 -------- d-----w- c:\documents and settings\owner\Application Data\Windows Search
2009-12-28 09:00 . 2009-12-28 09:00 -------- d-----w- c:\documents and settings\owner\Application Data\Windows Desktop Search
2009-12-28 08:56 . 2010-01-02 21:31 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-28 08:56 . 2009-12-28 08:56 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-28 08:54 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-12-28 08:54 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-12-28 07:50 . 2009-12-28 07:50 60940 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-28 07:30 . 2001-08-17 11:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-28 07:30 . 2004-08-03 13:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-28 06:29 . 2009-12-28 06:29 -------- d-----w- c:\program files\Microsoft Small Business
2009-12-28 06:11 . 2010-01-04 11:56 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-28 05:25 . 2010-01-15 19:23 -------- d-----w- c:\program files\Microsoft Works
2009-12-28 05:00 . 2009-12-28 06:24 -------- d-----w- c:\program files\Microsoft.NET
2009-12-28 04:16 . 2009-12-28 05:17 -------- d-----w- c:\windows\SHELLNEW
2009-12-28 04:00 . 2009-12-28 04:00 -------- d-----r- C:\MSOCache
2009-12-27 00:01 . 2009-12-27 00:01 -------- d-----w- c:\program files\iPod
2009-12-27 00:01 . 2009-12-27 00:02 -------- d-----w- c:\program files\iTunes
2009-12-27 00:01 . 2009-12-27 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 23:47 . 2009-08-28 08:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-26 19:01 . 2009-12-26 19:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-26 17:33 . 2009-12-26 17:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-26 13:38 . 2009-12-26 13:38 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Microsoft Help
2009-12-26 13:37 . 2010-01-15 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 05:11 . 2008-04-20 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-20 13:55 . 2007-12-09 12:47 -------- d-----w- c:\program files\Autodesk
2010-01-20 13:55 . 2006-11-30 03:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-20 09:37 . 2009-02-08 15:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 03:52 . 2004-09-11 19:42 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-01-16 23:26 . 2008-03-06 10:43 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 12:16 . 2009-10-07 14:12 -------- d-----w- c:\documents and settings\owner\Application Data\IObit
2010-01-15 00:49 . 2005-05-14 10:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 20:13 . 2008-10-16 09:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 20:12 . 2008-10-16 09:38 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 19:30 . 2009-09-07 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-01-07 05:07 . 2008-10-16 09:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 05:07 . 2008-10-16 09:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 06:10 . 2005-05-03 13:11 73712 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 00:11 . 2005-06-26 14:23 -------- d-----w- c:\documents and settings\owner\Application Data\Apple Computer
2009-12-27 00:01 . 2007-09-10 08:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 23:57 . 2005-06-18 13:02 -------- d-----w- c:\program files\QuickTime
2009-12-26 23:47 . 2007-09-10 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-26 17:49 . 2008-03-19 01:24 -------- d-----w- c:\program files\Safari
2009-12-16 03:42 . 2009-12-18 16:32 872960 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 03:42 . 2009-12-18 16:32 43008 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 03:42 . 2009-12-18 16:32 340480 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 03:41 . 2009-12-18 16:32 346624 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-26 18:57 . 2009-08-04 13:36 -------- d-----w- c:\documents and settings\owner\Application Data\Tinn-R
2009-11-21 15:51 . 2002-08-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 10:08 . 2009-11-19 10:08 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\Australian\setup.exe
2009-10-29 07:45 . 2002-08-29 12:00 916480 ------w- c:\windows\system32\wininet.dll
2008-04-25 08:15 . 2006-11-21 04:30 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-01-20_15.00.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-21 04:30 . 2010-01-21 04:30 16384 c:\windows\temp\Perflib_Perfdata_104.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-17 1228800]
"SoundMan"="SOUNDMAN.EXE" [2004-05-13 67072]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-13 99840]
"Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2006-03-01 684032]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2005-05-16 40960]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2006-02-23 57344]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Reboot.exe [2002-8-20 432128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^V-Gear TV Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\V-Gear TV Remote Control.lnk
backup=c:\windows\pss\V-Gear TV Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^BEE Service.lnk]
path=c:\documents and settings\owner\Start Menu\Programs\Startup\BEE Service.lnk
backup=c:\windows\pss\BEE Service.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 12:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
2002-07-23 01:20 94208 ----a-w- c:\program files\CyberLink\PowerVCRII\agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-25 08:15 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-22 06:10 1871872 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
2002-07-23 01:20 32768 ----a-w- c:\program files\CyberLink\PowerVCRII\RemoteAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-20 21:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"ServiceLayer"=3 (0x3)
"MGABGEXE"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"gupdate1c98d3f3d9daa2e"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [3/15/2005 1:00 PM 277504]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [9/6/2007 9:15 PM 5504]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/10/2005 11:30 PM 450400]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys [3/6/2008 9:31 PM 217728]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\drivers\GLKbFilter.sys [3/6/2008 9:34 PM 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 09:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 19:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-2111687655-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9DC9D7B-C910-F338-816B-BD30707E62BE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaidacmhehhbcepokm"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00
"haochlblafkmdjkk"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.1\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:a8,00,ba,00,b1,00,a1,00,b6,00,1f,00,6f,00,e3,00,ca,00,76,00,
4a,00,d3,00,21,00,b8,00,d3,00,ee,00,bb,00,a1,00,ff,00,19,00,bd,00,e4,00,60,\

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.2\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:b6,00,58,00,cc,00,0d,00,ea,00,83,00,7a,00,dd,00,c2,00,c6,00,
88,00,9e,00,21,00,c6,00,98,00,31,00,f1,00,fb,00,fc,00,07,00,10,00,15,00,4a,\
.
Completion time: 2010-01-21 19:53:09
ComboFix-quarantined-files.txt 2010-01-21 08:52
ComboFix2.txt 2010-01-20 15:12
ComboFix3.txt 2010-01-15 09:10
ComboFix4.txt 2010-01-15 08:16
ComboFix5.txt 2010-01-21 08:11

Pre-Run: 76,225,564,672 bytes free
Post-Run: 76,180,615,168 bytes free

- - End Of File - - EFB1786AF04262DFE6799AC861E55BA0
 
ComboFix log from before

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-17 1228800]
"SoundMan"="SOUNDMAN.EXE" [2004-05-13 67072]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-13 99840]
"Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2006-03-01 684032]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2005-05-16 40960]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2006-02-23 57344]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Reboot.exe [2002-8-20 432128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^V-Gear TV Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\V-Gear TV Remote Control.lnk
backup=c:\windows\pss\V-Gear TV Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^BEE Service.lnk]
path=c:\documents and settings\owner\Start Menu\Programs\Startup\BEE Service.lnk
backup=c:\windows\pss\BEE Service.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 12:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
2002-07-23 01:20 94208 ----a-w- c:\program files\CyberLink\PowerVCRII\agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-25 08:15 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-22 06:10 1871872 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
2002-07-23 01:20 32768 ----a-w- c:\program files\CyberLink\PowerVCRII\RemoteAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-20 21:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"ServiceLayer"=3 (0x3)
"MGABGEXE"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"gupdate1c98d3f3d9daa2e"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [3/15/2005 1:00 PM 277504]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [9/6/2007 9:15 PM 5504]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/10/2005 11:30 PM 450400]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys [3/6/2008 9:31 PM 217728]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\drivers\GLKbFilter.sys [3/6/2008 9:34 PM 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 09:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 02:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-2111687655-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9DC9D7B-C910-F338-816B-BD30707E62BE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaidacmhehhbcepokm"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00
"haochlblafkmdjkk"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.1\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:a8,00,ba,00,b1,00,a1,00,b6,00,1f,00,6f,00,e3,00,ca,00,76,00,
4a,00,d3,00,21,00,b8,00,d3,00,ee,00,bb,00,a1,00,ff,00,19,00,bd,00,e4,00,60,\

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.2\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:b6,00,58,00,cc,00,0d,00,ea,00,83,00,7a,00,dd,00,c2,00,c6,00,
88,00,9e,00,21,00,c6,00,98,00,31,00,f1,00,fb,00,fc,00,07,00,10,00,15,00,4a,\
.
Completion time: 2010-01-21 02:12:26
ComboFix-quarantined-files.txt 2010-01-20 15:12
ComboFix2.txt 2010-01-15 09:10
ComboFix3.txt 2010-01-15 08:16
ComboFix4.txt 2009-10-07 14:02

Pre-Run: 76,146,167,808 bytes free
Post-Run: 76,119,330,816 bytes free

- - End Of File - - 566BBDEA719CBB29C99F53DD296D7A2F
 
You did not perform the operation correctly; please try it again. Follow the instructions carefully.
 
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt.txt
John, is that the error I made?

Here, I've redone the log. :rolleyes:

ComboFix 10-01-21.06 - owner 22/01/2010 21:45:03.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.681 [GMT 11:00]
Running from: c:\documents and settings\owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-20 07:27 . 2010-01-20 07:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-20 03:43 . 2010-01-20 07:26 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-01-20 03:41 . 2008-04-13 11:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-01-20 03:41 . 2009-07-30 23:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-01-20 03:41 . 2008-04-13 11:57 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-20 03:41 . 2008-04-13 18:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-01-20 03:39 . 2008-04-13 18:41 59392 ------w- c:\windows\system32\eapqec.dll
2010-01-20 03:18 . 2008-04-13 11:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-01-20 03:18 . 2008-04-13 13:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-01-20 03:17 . 2008-04-13 13:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-16 04:25 . 2010-01-16 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-15 18:33 . 2010-01-15 18:33 388096 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 18:33 . 2010-01-15 18:33 -------- d-----w- c:\program files\TrendMicro
2010-01-15 12:16 . 2009-11-04 05:49 635664 ----a-w- c:\documents and settings\owner\Application Data\IObit\Common\TB_Helper.exe
2010-01-15 07:25 . 2010-01-15 07:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-15 06:54 . 2010-01-15 06:54 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2010-01-15 06:48 . 2010-01-15 06:48 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2010-01-15 06:23 . 2010-01-15 06:23 -------- d-----w- c:\windows\ie8updates
2010-01-15 06:12 . 2010-01-15 06:20 -------- dc-h--w- c:\windows\ie8
2010-01-15 05:56 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-15 05:56 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-15 05:55 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-14 19:30 . 2010-01-14 19:30 48 ----a-w- c:\windows\wpd99.drv
2010-01-13 09:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 11:09 . 2010-01-07 11:32 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Temp
2010-01-04 11:55 . 2010-01-04 11:55 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-01-02 19:16 . 2010-01-02 19:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-02 18:19 . 2010-01-02 18:19 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-01-01 05:56 . 2010-01-01 05:56 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0001.dat.drv
2009-12-28 15:14 . 2009-12-28 15:14 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-28 15:14 . 2009-12-28 15:14 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-28 14:51 . 2009-12-28 14:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-28 14:51 . 2009-12-28 14:51 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-28 14:46 . 2010-01-22 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-28 14:46 . 2009-12-28 14:46 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-28 14:34 . 2009-12-28 14:34 -------- d--h--w- c:\windows\PIF
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-28 09:01 . 2009-12-28 09:01 -------- d-----w- c:\documents and settings\owner\Application Data\Windows Search
2009-12-28 09:00 . 2009-12-28 09:00 -------- d-----w- c:\documents and settings\owner\Application Data\Windows Desktop Search
2009-12-28 08:56 . 2010-01-02 21:31 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-28 08:56 . 2009-12-28 08:56 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-28 08:54 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-12-28 08:54 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-12-28 07:50 . 2009-12-28 07:50 60940 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-28 07:30 . 2001-08-17 11:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-28 07:30 . 2004-08-03 13:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-28 06:29 . 2009-12-28 06:29 -------- d-----w- c:\program files\Microsoft Small Business
2009-12-28 06:11 . 2010-01-04 11:56 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-28 05:25 . 2010-01-15 19:23 -------- d-----w- c:\program files\Microsoft Works
2009-12-28 05:00 . 2009-12-28 06:24 -------- d-----w- c:\program files\Microsoft.NET
2009-12-28 04:16 . 2009-12-28 05:17 -------- d-----w- c:\windows\SHELLNEW
2009-12-28 04:00 . 2009-12-28 04:00 -------- d-----r- C:\MSOCache
2009-12-27 00:01 . 2009-12-27 00:01 -------- d-----w- c:\program files\iPod
2009-12-27 00:01 . 2009-12-27 00:02 -------- d-----w- c:\program files\iTunes
2009-12-27 00:01 . 2009-12-27 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 23:47 . 2009-08-28 08:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-26 19:01 . 2009-12-26 19:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-26 17:33 . 2009-12-26 17:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-26 13:38 . 2009-12-26 13:38 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Microsoft Help
2009-12-26 13:37 . 2010-01-15 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 06:12 . 2008-04-20 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-20 13:55 . 2007-12-09 12:47 -------- d-----w- c:\program files\Autodesk
2010-01-20 13:55 . 2006-11-30 03:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-20 09:37 . 2009-02-08 15:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 03:52 . 2004-09-11 19:42 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-01-16 23:26 . 2008-03-06 10:43 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 12:16 . 2009-10-07 14:12 -------- d-----w- c:\documents and settings\owner\Application Data\IObit
2010-01-15 00:49 . 2005-05-14 10:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 20:13 . 2008-10-16 09:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 20:12 . 2008-10-16 09:38 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 19:30 . 2009-09-07 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-01-07 05:07 . 2008-10-16 09:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 05:07 . 2008-10-16 09:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 06:10 . 2005-05-03 13:11 73712 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 00:11 . 2005-06-26 14:23 -------- d-----w- c:\documents and settings\owner\Application Data\Apple Computer
2009-12-27 00:01 . 2007-09-10 08:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 23:57 . 2005-06-18 13:02 -------- d-----w- c:\program files\QuickTime
2009-12-26 23:47 . 2007-09-10 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-26 17:49 . 2008-03-19 01:24 -------- d-----w- c:\program files\Safari
2009-12-16 03:42 . 2009-12-18 16:32 872960 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 03:42 . 2009-12-18 16:32 43008 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 03:42 . 2009-12-18 16:32 340480 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 03:41 . 2009-12-18 16:32 346624 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-26 18:57 . 2009-08-04 13:36 -------- d-----w- c:\documents and settings\owner\Application Data\Tinn-R
2009-11-21 15:51 . 2002-08-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 10:08 . 2009-11-19 10:08 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\Australian\setup.exe
2009-10-29 07:45 . 2002-08-29 12:00 916480 ------w- c:\windows\system32\wininet.dll
2008-04-25 08:15 . 2006-11-21 04:30 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-01-20_15.00.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-22 04:24 . 2010-01-22 04:24 16384 c:\windows\temp\Perflib_Perfdata_124.dat
+ 2010-01-22 04:40 . 2010-01-22 04:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-09-11 19:46 . 2010-01-22 04:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-09-11 19:46 . 2010-01-20 09:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-22 04:40 . 2010-01-22 04:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-01-16 03:32 . 2010-01-20 09:38 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-17 1228800]
"SoundMan"="SOUNDMAN.EXE" [2004-05-13 67072]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-13 99840]
"Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2006-03-01 684032]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2005-05-16 40960]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2006-02-23 57344]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Reboot.exe [2002-8-20 432128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^V-Gear TV Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\V-Gear TV Remote Control.lnk
backup=c:\windows\pss\V-Gear TV Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^BEE Service.lnk]
path=c:\documents and settings\owner\Start Menu\Programs\Startup\BEE Service.lnk
backup=c:\windows\pss\BEE Service.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 12:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
2002-07-23 01:20 94208 ----a-w- c:\program files\CyberLink\PowerVCRII\agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-25 08:15 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-22 06:10 1871872 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
2002-07-23 01:20 32768 ----a-w- c:\program files\CyberLink\PowerVCRII\RemoteAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-20 21:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"ServiceLayer"=3 (0x3)
"MGABGEXE"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"gupdate1c98d3f3d9daa2e"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [3/15/2005 1:00 PM 277504]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [9/6/2007 9:15 PM 5504]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/10/2005 11:30 PM 450400]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys [3/6/2008 9:31 PM 217728]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\drivers\GLKbFilter.sys [3/6/2008 9:34 PM 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 09:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 22:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-2111687655-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9DC9D7B-C910-F338-816B-BD30707E62BE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaidacmhehhbcepokm"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00
"haochlblafkmdjkk"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.1\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:a8,00,ba,00,b1,00,a1,00,b6,00,1f,00,6f,00,e3,00,ca,00,76,00,
4a,00,d3,00,21,00,b8,00,d3,00,ee,00,bb,00,a1,00,ff,00,19,00,bd,00,e4,00,60,\

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.2\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:b6,00,58,00,cc,00,0d,00,ea,00,83,00,7a,00,dd,00,c2,00,c6,00,
88,00,9e,00,21,00,c6,00,98,00,31,00,f1,00,fb,00,fc,00,07,00,10,00,15,00,4a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\MSVCP60.dll
.
Completion time: 2010-01-22 22:16:15
ComboFix-quarantined-files.txt 2010-01-22 11:16
ComboFix2.txt 2010-01-21 08:53
ComboFix3.txt 2010-01-20 15:12
ComboFix4.txt 2010-01-15 09:10
ComboFix5.txt 2010-01-22 10:41

Pre-Run: 76,110,344,192 bytes free
Post-Run: 76,064,534,528 bytes free

- - End Of File - - 8388A492E075502160A3956340ADD85D
 
You have the file named wrong: when you named cfscript, you named it cfscript.txt.txt, and that's why it won't work correctly. Now just rename the file so that it is just cfscript.txt by removing one of the .txt extensions, and then rerun the procedure.
 
ComboFix 10-01-21.08 - owner 23/01/2010 15:36:55.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.823 [GMT 11:00]
Running from: c:\documents and settings\owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-20 07:27 . 2010-01-20 07:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-20 03:43 . 2010-01-20 07:26 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-01-20 03:41 . 2008-04-13 11:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-01-20 03:41 . 2009-07-30 23:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-01-20 03:41 . 2008-04-13 11:57 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-20 03:41 . 2008-04-13 18:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-01-20 03:39 . 2008-04-13 18:41 59392 ------w- c:\windows\system32\eapqec.dll
2010-01-20 03:18 . 2008-04-13 11:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-01-20 03:18 . 2008-04-13 13:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-01-20 03:17 . 2008-04-13 13:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-16 04:25 . 2010-01-16 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-15 18:33 . 2010-01-15 18:33 388096 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 18:33 . 2010-01-15 18:33 -------- d-----w- c:\program files\TrendMicro
2010-01-15 12:16 . 2009-11-04 05:49 635664 ----a-w- c:\documents and settings\owner\Application Data\IObit\Common\TB_Helper.exe
2010-01-15 07:25 . 2010-01-15 07:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-15 06:54 . 2010-01-15 06:54 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2010-01-15 06:48 . 2010-01-15 06:48 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2010-01-15 06:23 . 2010-01-22 19:10 -------- d-----w- c:\windows\ie8updates
2010-01-15 06:12 . 2010-01-15 06:20 -------- dc-h--w- c:\windows\ie8
2010-01-15 05:56 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-15 05:56 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-15 05:55 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-14 19:30 . 2010-01-14 19:30 48 ----a-w- c:\windows\wpd99.drv
2010-01-13 09:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 11:09 . 2010-01-07 11:32 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Temp
2010-01-04 11:55 . 2010-01-04 11:55 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-01-02 19:16 . 2010-01-02 19:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-02 18:19 . 2010-01-02 18:19 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-01-01 05:56 . 2010-01-01 05:56 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0001.dat.drv
2009-12-28 15:14 . 2009-12-28 15:14 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-28 15:14 . 2009-12-28 15:14 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-28 14:51 . 2009-12-28 14:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-28 14:51 . 2009-12-28 14:51 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-28 14:46 . 2010-01-23 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-28 14:46 . 2009-12-28 14:46 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-28 14:34 . 2009-12-28 14:34 -------- d--h--w- c:\windows\PIF
2009-12-28 13:55 . 2009-12-28 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-28 09:01 . 2009-12-28 09:01 -------- d-----w- c:\documents and settings\owner\Application Data\Windows Search
2009-12-28 09:00 . 2009-12-28 09:00 -------- d-----w- c:\documents and settings\owner\Application Data\Windows Desktop Search
2009-12-28 08:56 . 2010-01-02 21:31 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-28 08:56 . 2009-12-28 08:56 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-28 08:54 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-12-28 08:54 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-12-28 07:50 . 2009-12-28 07:50 60940 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-28 07:30 . 2001-08-17 11:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-28 07:30 . 2004-08-03 13:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-28 06:29 . 2009-12-28 06:29 -------- d-----w- c:\program files\Microsoft Small Business
2009-12-28 06:11 . 2010-01-04 11:56 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-28 05:25 . 2010-01-15 19:23 -------- d-----w- c:\program files\Microsoft Works
2009-12-28 05:00 . 2009-12-28 06:24 -------- d-----w- c:\program files\Microsoft.NET
2009-12-28 04:16 . 2009-12-28 05:17 -------- d-----w- c:\windows\SHELLNEW
2009-12-28 04:00 . 2009-12-28 04:00 -------- d-----r- C:\MSOCache
2009-12-27 00:01 . 2009-12-27 00:01 -------- d-----w- c:\program files\iPod
2009-12-27 00:01 . 2009-12-27 00:02 -------- d-----w- c:\program files\iTunes
2009-12-27 00:01 . 2009-12-27 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 23:47 . 2009-08-28 08:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-26 19:01 . 2009-12-26 19:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-26 17:33 . 2009-12-26 17:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-26 13:38 . 2009-12-26 13:38 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Microsoft Help
2009-12-26 13:37 . 2010-01-15 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 06:12 . 2008-04-20 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-20 13:55 . 2007-12-09 12:47 -------- d-----w- c:\program files\Autodesk
2010-01-20 13:55 . 2006-11-30 03:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-20 09:37 . 2009-02-08 15:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 03:52 . 2004-09-11 19:42 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-01-16 23:26 . 2008-03-06 10:43 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 12:16 . 2009-10-07 14:12 -------- d-----w- c:\documents and settings\owner\Application Data\IObit
2010-01-15 00:49 . 2005-05-14 10:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 20:13 . 2008-10-16 09:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 20:12 . 2008-10-16 09:38 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 19:30 . 2009-09-07 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-01-07 05:07 . 2008-10-16 09:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 05:07 . 2008-10-16 09:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 06:10 . 2005-05-03 13:11 73712 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 00:11 . 2005-06-26 14:23 -------- d-----w- c:\documents and settings\owner\Application Data\Apple Computer
2009-12-27 00:01 . 2007-09-10 08:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 23:57 . 2005-06-18 13:02 -------- d-----w- c:\program files\QuickTime
2009-12-26 23:47 . 2007-09-10 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-26 17:49 . 2008-03-19 01:24 -------- d-----w- c:\program files\Safari
2009-12-21 19:14 . 2002-08-29 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 03:42 . 2009-12-18 16:32 872960 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 03:42 . 2009-12-18 16:32 43008 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 03:42 . 2009-12-18 16:32 340480 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 03:41 . 2009-12-18 16:32 346624 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-26 18:57 . 2009-08-04 13:36 -------- d-----w- c:\documents and settings\owner\Application Data\Tinn-R
2009-11-21 15:51 . 2002-08-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 10:08 . 2009-11-19 10:08 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\Australian\setup.exe
2008-04-25 08:15 . 2006-11-21 04:30 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-01-23_03.21.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-08-29 12:00 . 2008-04-13 18:42 30720 c:\windows\system32\xcopy.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 91648 c:\windows\system32\xactsrv.dll
+ 2002-08-29 03:41 . 2008-04-13 18:42 52736 c:\windows\system32\wzcsapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 32256 c:\windows\system32\wupdmgr.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 18432 c:\windows\system32\wtsapi32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 50688 c:\windows\system32\wstdecod.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 22528 c:\windows\system32\wsock32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 41984 c:\windows\system32\wsnmp32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 19456 c:\windows\system32\wshtcpip.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 11264 c:\windows\system32\wshrm.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\wshisn.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 14336 c:\windows\system32\wship6.dll
+ 2002-08-29 12:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 36864 c:\windows\system32\wshcon.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 19968 c:\windows\system32\ws2help.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 82432 c:\windows\system32\ws2_32.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 11264 c:\windows\system32\wpnpinst.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 32256 c:\windows\system32\wpabaln.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 13824 c:\windows\system32\wowfaxui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 10368 c:\windows\system32\wowexec.exe
+ 2002-08-29 12:00 . 2005-01-28 03:44 20480 c:\windows\system32\wmpui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 77824 c:\windows\system32\wmpstub.exe
+ 2002-08-29 12:00 . 2006-10-18 11:47 99840 c:\windows\system32\wmpshell.dll
+ 2002-08-29 12:00 . 2005-01-28 03:44 20480 c:\windows\system32\wmpcore.dll
+ 2002-08-29 12:00 . 2005-01-28 03:44 20480 c:\windows\system32\wmpcd.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 55808 c:\windows\system32\wmiscmgr.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18944 c:\windows\system32\wmiprop.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 51200 c:\windows\system32\wmerrenu.dll
+ 2002-08-29 12:00 . 2006-10-18 10:47 37376 c:\windows\system32\wmdmps.dll
+ 2002-08-29 12:00 . 2006-10-18 10:47 33792 c:\windows\system32\wmdmlog.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 92672 c:\windows\system32\wlnotify.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18944 c:\windows\system32\winstrm.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 53760 c:\windows\system32\winsta.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 99328 c:\windows\system32\winscard.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 16896 c:\windows\system32\winrnr.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\winmsd.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 32256 c:\windows\system32\winipsec.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 13312 c:\windows\system32\win87em.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18432 c:\windows\system32\win.com
+ 2002-08-29 12:00 . 2008-04-13 18:42 75776 c:\windows\system32\wiascr.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 13600 c:\windows\system32\wfwnet.drv
+ 2002-08-29 12:00 . 2008-04-13 18:42 65024 c:\windows\system32\wextract.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 40448 c:\windows\system32\webhits.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 68096 c:\windows\system32\webclnt.dll
+ 2001-08-17 22:37 . 2008-04-13 18:42 23552 c:\windows\system32\wdmaud.drv
+ 2002-08-29 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 21504 c:\windows\system32\wbem\evntrprv.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 45056 c:\windows\system32\wbem\cmdevtgprov.dll
+ 2002-08-29 12:00 . 2008-04-13 13:15 17664 c:\windows\system32\watchdog.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 22016 c:\windows\system32\w32topl.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 49664 c:\windows\system32\w32tm.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 19456 c:\windows\system32\vwipxspx.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 33792 c:\windows\system32\vssadmin.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 16896 c:\windows\system32\vss_ps.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18176 c:\windows\system32\vga64k.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 51456 c:\windows\system32\vga256.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 20535 c:\windows\system32\vfpodbc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 18944 c:\windows\system32\version.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 98304 c:\windows\system32\verifier.exe
+ 2002-08-29 12:00 . 2008-04-13 18:42 26624 c:\windows\system32\verifier.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 51712 c:\windows\system32\vdmredir.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 26112 c:\windows\system32\vdmdbg.dll
+ 1998-12-24 01:23 . 1998-12-24 01:23 40960 c:\windows\system32\VBAME.DLL
+ 2002-08-29 12:00 . 2008-04-13 18:42 30749 c:\windows\system32\vbajet32.dll
+ 1998-06-18 04:00 . 1998-06-18 04:00 89360 c:\windows\system32\vb5db.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 50176 c:\windows\system32\utilman.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 25600 c:\windows\system32\utildll.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 49211 c:\windows\system32\usrvpa.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 45116 c:\windows\system32\usrvoica.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 49209 c:\windows\system32\usrv80a.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 41019 c:\windows\system32\usrsvpia.dll
+ 2001-08-17 22:37 . 2002-08-29 12:00 69700 c:\windows\system32\usrshuta.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 49211 c:\windows\system32\usrsdpia.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 77883 c:\windows\system32\usrrtosa.dll
+ 2001-08-17 22:37 . 2002-08-29 12:00 61508 c:\windows\system32\usrprbda.exe
+ 2001-08-17 22:37 . 2002-08-29 12:00 77891 c:\windows\system32\usrmlnka.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 53305 c:\windows\system32\usrlbva.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 86073 c:\windows\system32\usrfaxa.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 77890 c:\windows\system32\usrdpa.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 69699 c:\windows\system32\usrcoina.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 61500 c:\windows\system32\usrcntra.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 19968 c:\windows\system32\usmt\log.dll
+ 2002-08-29 12:00 . 2008-04-13 18:42 26112 c:\windows\system32\userinit.exe
This log has turned out to be 230000 characters; should I post it all?


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-17 1228800]
"SoundMan"="SOUNDMAN.EXE" [2004-05-13 67072]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-13 99840]
"Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2006-03-01 684032]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2005-05-16 40960]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2006-02-23 57344]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Reboot.exe [2002-8-20 432128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^V-Gear TV Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\V-Gear TV Remote Control.lnk
backup=c:\windows\pss\V-Gear TV Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^BEE Service.lnk]
path=c:\documents and settings\owner\Start Menu\Programs\Startup\BEE Service.lnk
backup=c:\windows\pss\BEE Service.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 12:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
2002-07-23 01:20 94208 ----a-w- c:\program files\CyberLink\PowerVCRII\agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-25 08:15 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-22 06:10 1871872 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
2002-07-23 01:20 32768 ----a-w- c:\program files\CyberLink\PowerVCRII\RemoteAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-20 21:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"ServiceLayer"=3 (0x3)
"MGABGEXE"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"gupdate1c98d3f3d9daa2e"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 8:18 PM 36880]
R2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 1:00 PM 277504]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [6/09/2007 9:15 PM 5504]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [10/05/2005 11:30 PM 450400]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 6:39 PM 19472]
S2 gupdate1c98d3f3d9daa2e;Google Update Service (gupdate1c98d3f3d9daa2e);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 5:25 AM 133104]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys [6/03/2008 9:31 PM 217728]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\drivers\GLKbFilter.sys [6/03/2008 9:34 PM 11264]
S4 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/11/2006 3:29 PM 29744]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [3/04/2006 7:12 PM 14032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 09:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 15:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-2111687655-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9DC9D7B-C910-F338-816B-BD30707E62BE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaidacmhehhbcepokm"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00
"haochlblafkmdjkk"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.1\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:a8,00,ba,00,b1,00,a1,00,b6,00,1f,00,6f,00,e3,00,ca,00,76,00,
4a,00,d3,00,21,00,b8,00,d3,00,ee,00,bb,00,a1,00,ff,00,19,00,bd,00,e4,00,60,\

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.2\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:b6,00,58,00,cc,00,0d,00,ea,00,83,00,7a,00,dd,00,c2,00,c6,00,
88,00,9e,00,21,00,c6,00,98,00,31,00,f1,00,fb,00,fc,00,07,00,10,00,15,00,4a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\WININET.dll
c:\windows\system32\PDesk\PDKERNEL.DLL
c:\windows\system32\PDesk\PDTOOLS.DLL
c:\windows\system32\PDesk\PDRESENG.DLL
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-23 16:08:20
ComboFix-quarantined-files.txt 2010-01-23 05:08
ComboFix2.txt 2010-01-23 03:33
ComboFix3.txt 2010-01-22 11:16
ComboFix4.txt 2010-01-21 08:53
ComboFix5.txt 2010-01-23 04:33

Pre-Run: 75,823,054,848 bytes free
Post-Run: 75,804,049,408 bytes free

- - End Of File - - A3595E2B2933C22DA4F8BF38B98707A4
 