Hi jmw,
Please see logs as requested.
ComboFix 09-04-17.01 - HOME 20/04/2009 19:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.426 [GMT 1:00]
Running from: c:\documents and settings\HOME\Desktop\commy.exe
Command switches used :: c:\documents and settings\HOME\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BearShare Applications
c:\program files\BearShare Applications\BearShare\WMHelper.log
c:\program files\LimeWire
c:\program files\LimeWire\aopalliance.jar.tmp
c:\program files\LimeWire\aopalliance.pack
c:\program files\LimeWire\clink.jar.tmp
c:\program files\LimeWire\clink.pack
c:\program files\LimeWire\commons-httpclient.jar.tmp
c:\program files\LimeWire\commons-httpclient.pack
c:\program files\LimeWire\commons-logging.jar.tmp
c:\program files\LimeWire\commons-logging.pack
c:\program files\LimeWire\commons-net.jar.tmp
c:\program files\LimeWire\commons-net.pack
c:\program files\LimeWire\commons-pool.jar.tmp
c:\program files\LimeWire\commons-pool.pack
c:\program files\LimeWire\daap.jar.tmp
c:\program files\LimeWire\daap.pack
c:\program files\LimeWire\forms.jar.tmp
c:\program files\LimeWire\forms.pack
c:\program files\LimeWire\foxtrot.jar.tmp
c:\program files\LimeWire\foxtrot.pack
c:\program files\LimeWire\gettext-commons.jar.tmp
c:\program files\LimeWire\gettext-commons.pack
c:\program files\LimeWire\guice-1.0.jar.tmp
c:\program files\LimeWire\guice-1.0.pack
c:\program files\LimeWire\httpcore-nio.jar.tmp
c:\program files\LimeWire\httpcore-nio.pack
c:\program files\LimeWire\httpcore.jar.tmp
c:\program files\LimeWire\httpcore.pack
c:\program files\LimeWire\icu4j.jar.tmp
c:\program files\LimeWire\icu4j.pack
c:\program files\LimeWire\id3v2.jar.tmp
c:\program files\LimeWire\id3v2.pack
c:\program files\LimeWire\jcraft.jar.tmp
c:\program files\LimeWire\jcraft.pack
c:\program files\LimeWire\jdic.jar.tmp
c:\program files\LimeWire\jdic.pack
c:\program files\LimeWire\jdic_stub.jar.tmp
c:\program files\LimeWire\jdic_stub.pack
c:\program files\LimeWire\jflac.jar.tmp
c:\program files\LimeWire\jflac.pack
c:\program files\LimeWire\jl.jar.tmp
c:\program files\LimeWire\jl.pack
c:\program files\LimeWire\jmdns.jar.tmp
c:\program files\LimeWire\jmdns.pack
c:\program files\LimeWire\jogg.jar.tmp
c:\program files\LimeWire\jogg.pack
c:\program files\LimeWire\jorbis.jar.tmp
c:\program files\LimeWire\jorbis.pack
c:\program files\LimeWire\lib\UnpackedJars.7z
c:\program files\LimeWire\LimeWire.jar.tmp
c:\program files\LimeWire\log4j.jar.tmp
c:\program files\LimeWire\log4j.pack
c:\program files\LimeWire\looks.jar.tmp
c:\program files\LimeWire\looks.pack
c:\program files\LimeWire\messages.jar.tmp
c:\program files\LimeWire\messages.pack
c:\program files\LimeWire\mp3spi.jar.tmp
c:\program files\LimeWire\mp3spi.pack
c:\program files\LimeWire\ProgressTabs.jar.tmp
c:\program files\LimeWire\ProgressTabs.pack
c:\program files\LimeWire\swt.jar.tmp
c:\program files\LimeWire\swt.pack
c:\program files\LimeWire\themes.jar.tmp
c:\program files\LimeWire\themes.pack
c:\program files\LimeWire\tritonus.jar.tmp
c:\program files\LimeWire\tritonus.pack
c:\program files\LimeWire\vorbisspi.jar.tmp
c:\program files\LimeWire\vorbisspi.pack
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\system32\O1t6f2r2.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.
2009-04-17 06:57 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 06:57 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 06:57 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 06:57 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 06:57 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 06:57 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 06:57 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 06:57 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 06:57 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 06:57 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 06:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 06:55 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 06:55 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 18:24 . 2009-04-14 18:24 0 ----a-w c:\documents and settings\HOME\settings.dat
2009-04-12 10:47 . 1994-09-21 00:00 92208 ----a-w c:\windows\system\WING.DLL
2009-04-12 10:47 . 1994-09-21 00:00 12800 ----a-w c:\windows\system\WING32.DLL
2009-04-01 18:58 . 2009-02-11 09:19 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 18:58 . 2009-02-11 09:19 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 18:58 . 2009-04-01 18:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-01 18:58 . 2009-04-01 18:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 17:45 . 2009-04-18 15:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-01 17:44 . 2009-04-01 17:44 -------- d-----w c:\program files\SpywareBlaster
2009-03-31 19:36 . 2009-03-31 19:36 -------- d-----w c:\windows\system32\scripting
2009-03-31 19:36 . 2009-03-31 19:36 -------- d-----w c:\windows\l2schemas
2009-03-31 19:36 . 2009-03-31 19:36 -------- d-----w c:\windows\system32\en
2009-03-31 19:36 . 2009-03-31 19:36 -------- d-----w c:\windows\system32\bits
2009-03-31 19:34 . 2009-03-31 19:34 -------- d-----w c:\windows\ServicePackFiles
2009-03-30 18:13 . 2009-03-30 18:13 -------- d-----w c:\program files\Sophos
2009-03-28 17:27 . 2009-03-28 17:27 -------- d-----w c:\documents and settings\All Users\Application Data\Citrix
2009-03-28 16:50 . 2009-03-28 16:50 -------- d-----w c:\documents and settings\HOME\Local Settings\Application Data\Citrix
2009-03-28 16:50 . 2009-03-28 16:50 61224 ----a-w c:\documents and settings\HOME\GoToAssistDownloadHelper.exe
2009-03-28 15:01 . 2009-03-28 15:01 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-03-26 20:55 . 2009-03-26 20:55 -------- d--h--w c:\windows\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 18:14 . 2008-03-13 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-17 06:56 . 2006-01-18 11:23 -------- d-----w c:\program files\McAfee
2009-04-15 20:51 . 2008-02-03 19:33 -------- d-----w c:\documents and settings\All Users\Application Data\Napster
2009-04-01 18:49 . 2006-02-04 13:02 5956 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-01 18:49 . 2006-02-04 13:02 50376 ----a-w c:\documents and settings\HOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 19:39 . 2004-08-11 17:14 88499 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-31 19:32 . 2004-08-11 17:00 250048 --sha-r C:\ntldr
2009-03-28 15:49 . 2008-07-28 14:37 -------- d-----w c:\program files\Bonjour
2009-03-26 20:33 . 2009-02-03 14:31 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-25 10:06 . 2007-02-17 11:09 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 10:06 . 2007-02-17 11:09 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 10:06 . 2007-02-17 11:09 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 10:06 . 2007-02-17 11:09 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 10:05 . 2007-02-17 11:09 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-24 18:38 . 2007-12-03 19:49 268 ---ha-w C:\sqmdata15.sqm
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 13:47 . 2009-03-19 13:47 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-07 19:39 . 2006-01-18 11:23 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-06 14:22 . 2004-08-11 17:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-05-10 05:25 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-11 17:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2004-08-11 17:12 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2007-05-09 18:37 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 03:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 03:25 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-08-11 17:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 17:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-11 17:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 17:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-16 11:27 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-11 17:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2008-10-16 11:27 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-11 17:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-16 11:27 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-16 11:27 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2004-08-11 17:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 17:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-16 11:27 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-11 17:00 56832 ----a-w c:\windows\system32\secur32.dll
2006-10-29 17:29 . 2006-10-29 17:29 49600 ----a-w c:\documents and settings\HOME\Application Data\GDIPFONTCACHEV1.DAT
2006-04-06 06:59 . 2006-04-06 06:59 127 ----a-w c:\documents and settings\HOME\Local Settings\Application Data\fusioncache.dat
2006-07-11 18:54 . 2006-07-11 18:54 56 --sh--r c:\windows\system32\E48057C54E.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-18_15.40.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-11 17:00 . 2008-04-14 00:12 90112 c:\windows\system32\wshext.dll
+ 2004-08-11 17:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
+ 2006-01-28 16:50 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2006-01-28 16:50 . 2007-08-10 19:46 26488 c:\windows\system32\spupdsvc.exe
- 2004-08-11 17:00 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2004-08-11 17:00 . 2009-04-18 15:39 53436 c:\windows\system32\perfc009.dat
+ 2004-08-11 17:00 . 2009-04-20 18:18 53436 c:\windows\system32\perfc009.dat
- 2004-08-11 17:11 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-11 17:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-11 17:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-11 17:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
+ 2006-11-07 21:03 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2006-11-07 21:03 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-11 17:11 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2004-08-11 17:11 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
- 2006-11-07 03:26 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 03:26 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-11 17:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 78336 c:\windows\system32\ieencode.dll
- 2004-08-11 17:00 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 17:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 11:58 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
- 2006-10-17 11:58 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2007-05-09 18:37 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 18:37 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2006-11-07 03:26 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-11-07 03:26 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-20 10:04 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll
- 2006-01-22 17:14 . 2009-04-18 15:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-01-22 17:14 . 2009-04-20 18:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-01-22 17:14 . 2009-04-18 15:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-01-22 17:14 . 2009-04-20 18:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-01-22 17:14 . 2009-04-18 15:29 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-01-22 17:14 . 2009-04-20 18:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-18 17:41 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-18 17:41 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-18 17:41 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-18 17:41 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-18 17:41 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-18 17:41 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
- 2004-08-11 17:00 . 2008-04-14 00:12 155648 c:\windows\system32\wscript.exe
+ 2004-08-11 17:00 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe
+ 2004-08-11 17:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2004-08-11 17:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2004-08-11 17:11 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 17:11 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 17:11 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-11 17:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
- 2004-08-11 17:00 . 2008-04-14 00:12 172032 c:\windows\system32\scrrun.dll
+ 2004-08-11 17:00 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
+ 2004-08-11 17:00 . 2008-05-09 10:53 180224 c:\windows\system32\scrobj.dll
- 2004-08-11 17:00 . 2008-04-14 00:12 180224 c:\windows\system32\scrobj.dll
- 2004-08-11 17:00 . 2009-04-18 15:39 381692 c:\windows\system32\perfh009.dat
+ 2004-08-11 17:00 . 2009-04-20 18:18 381692 c:\windows\system32\perfh009.dat
+ 2004-08-11 17:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2006-11-07 21:03 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-07 21:03 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-11 17:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-11 17:11 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 17:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2004-08-11 17:11 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 17:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
- 2004-08-11 17:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2004-08-11 17:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-11 17:00 . 2008-04-14 00:11 512000 c:\windows\system32\jscript.dll
+ 2004-08-11 17:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2006-10-17 11:57 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 11:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2006-10-17 11:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
- 2004-08-11 17:00 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
+ 2004-08-11 17:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2008-05-08 11:24 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2006-11-07 21:03 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-07 21:03 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
- 2006-10-17 12:05 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 12:05 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 180224 c:\windows\system32\dllcache\scrobj.dll
- 2006-10-17 12:04 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 12:04 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-09 18:37 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 18:37 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2007-05-09 18:37 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 03:27 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-09 18:37 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-05-09 18:37 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-11-07 03:27 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 03:27 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 03:26 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 03:26 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-05-07 09:07 . 2008-05-07 09:07 135168 c:\windows\system32\dllcache\cscript.exe
- 2006-11-07 03:26 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-11-07 03:26 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-11 17:00 . 2008-05-07 09:07 135168 c:\windows\system32\cscript.exe
- 2004-08-11 17:00 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-18 17:41 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-18 17:41 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-18 17:41 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-18 17:41 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-18 17:41 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-18 17:41 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2004-08-11 17:00 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
+ 2004-08-11 17:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
- 2004-08-11 17:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2008-09-28 14:27 . 2008-09-10 01:14 1307648 c:\windows\system32\msxml6.dll
+ 2004-08-11 17:00 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2006-11-07 21:03 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
- 2006-09-05 23:01 . 2007-04-17 09:28 2455488 c:\windows\system32\ieapfltr.dat
+ 2006-09-05 23:01 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
+ 2006-05-10 05:25 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-09-28 14:27 . 2008-09-10 01:14 1307648 c:\windows\system32\dllcache\msxml6.dll
+ 2006-05-19 15:06 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 18:37 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
- 2007-05-09 18:37 . 2007-04-17 09:28 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2007-05-09 18:37 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-04-18 17:41 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-18 17:41 . 2009-01-16 21:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-18 17:41 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-18 17:41 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2008-10-16 11:27 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 11:27 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 11:27 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 11:27 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 11:27 . 2009-02-07 18:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 11:27 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 11:27 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-02-25 10:51 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-01-12 4898816]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-13 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-01-12 4898816]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-18 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R3 MEMSWEEP2;MEMSWEEP2; [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
.
Contents of the 'Scheduled Tasks' folder
2008-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-04-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-02 14:23]
2007-02-17 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-17 10:53]
2007-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-17 10:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ou ... &p=_adr&q={searchTerms}
mWindow Title = Microsoft Internet Explorer Provided by Wanadoo
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Search with Wanadoo - c:\windows\system32\WSBar.dll/VSearch.htm
TCP: {D2B791E6-E135-46B4-B4B9-21DFC75773DD} = 195.92.195.90 195.92.195.91
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 19:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c4,d2,e1,bc,1d,
a5,01,21,c8,28,51,af,b0,29,a3,98,64,51,e1,45,6a,9d,f1,89,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,5a,a7,c5,ae,89,
b0,6c,30,71,3b,04,66,8b,46,0d,96,79,f9,b9,e8,2f,bb,cf,51,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,a8,cb,6b,43,0f,
ff,34,2a,25,da,ec,7e,55,20,c9,26,71,18,49,a9,9b,cb,85,84,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,68,f9,d1,c5,97,
30,c6,0a,3e,1e,9e,e0,57,5a,93,61,60,6f,e2,43,5b,5e,e4,4b,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,54,a3,77,ac,f0,
11,7c,a8,cd,44,cd,b9,a6,33,6c,cd,9f,3f,e3,21,c9,52,13,70,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,b4,ad,82,16,af,
96,02,5c,b0,18,ed,a7,3f,8d,37,a4,d8,3c,8e,23,f7,dc,45,98,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,54,95,03,58,ee,
d0,65,22,31,77,e1,ba,b1,f8,68,02,7d,7f,2d,19,6e,27,80,ad,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,82,4b,7e,d0,4a,
84,d3,4e,83,6c,56,8b,a0,85,96,ab,d4,88,24,f0,90,55,ab,16,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,25,b4,0f,40,6b,
ec,e4,0e,51,fa,6e,91,28,9e,14,cc,38,c0,71,f6,69,27,aa,a8,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,71,cc,60,51,72,
17,2d,a7,b1,cd,45,5a,a8,c4,f8,b9,48,f2,fa,2d,66,e3,5c,82,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,35,a0,e3,ee,f9,
b8,cc,d2,e3,0e,66,d5,eb,bc,2f,6b,8f,06,d4,89,b7,be,74,02,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,d2,42,58,d1,5d,
be,5a,1a,fa,ea,66,7f,d4,3b,6b,70,08,d8,e8,a9,8c,4a,03,5f,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-04-20 19:49
ComboFix-quarantined-files.txt 2009-04-20 18:49
ComboFix2.txt 2009-04-18 15:42
Pre-Run: 30,193,188,864 bytes free
Post-Run: 30,178,385,920 bytes free
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
632 --- E O F --- 2009-04-19 10:30
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-25 13:45:02
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA5174EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA517581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA517498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA5174AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA517595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA5175C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA51762F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA517619]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA51752A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA51765B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA51756D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA517470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA517484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA5174FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA517697]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA517603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA5175ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA5175AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA517683]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA51766F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA5174D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA5174C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA5175D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA517559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA517645]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA517540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA517514]
Code \??\C:\DOCUME~1\HOME\LOCALS~1\Temp\catchme.sys pIofCallDriver
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
The pc is running a lot better and boots up ok now.
Thanks for your continued help and support.
I will be able to reply up to 9.30am GMT on the 26th; after that I will not have access to the PC for a week.
Thanks again