Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Windows Antivirus Pro

Post by Pi&Chips » August 18th, 2009, 4:39 pm

My neighbour has somehow managed to get this rogue program on his computer, despite (he thought) being protected up to the eyeballs. Please can you help me remove it. HJT log follows. Thanks, Keith

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:44, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/com ... MediaX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Application Management AppMgmtMSDTC (AppMgmtMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilityDnscache (FastUserSwitchingCompatibilityDnscache) - Unknown owner - .exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcJavaQuickStarterService (mnmsrvcJavaQuickStarterService) - Unknown owner - .exe (file missing)
O23 - Service: Windows Installer MSIServerNetman (MSIServerNetman) - Unknown owner - .exe (file missing)
O23 - Service: Network DDE NetDDELmHosts (NetDDELmHosts) - Unknown owner -  .exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Security Accounts Manager SamSsgusvc (SamSsgusvc) - Unknown owner - .exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Portable Media Serial Number Service WmdmPmSNNetDDELmHosts (WmdmPmSNNetDDELmHosts) - Unknown owner - .exe (file missing)
O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm

--
End of file - 8647 bytes
Pi&Chips
Regular Member
 
Posts: 276
Joined: December 1st, 2007, 7:30 am
Location: Garden of England
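The HijackThis log above carries the fingerprints a helper looks for before prescribing anything: O23 service entries whose binary is ".exe (file missing)" and whose short names are two or three legitimate service names glued together (AppMgmtMSDTC, SamSsgusvc, WmdmPmSNNetDDELmHosts), an orphaned O3 toolbar, a BHO loading from a DLL directly in system32, and an O24 Active Desktop component pointing at a local .htm. The script below is an added triage example written for this thread; it is not HijackThis or ComboFix code. It parses those line types with regular expressions and flags each pattern over a constructed sample made of lines copied from the posted log. The KNOWN_SERVICES set is an assumed subset of Windows XP service short names plus the third-party ones visible in the log, and DELETED_BY_COMBOFIX is taken from the "Other Deletions" section of the ComboFix log posted later in the thread.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example for this thread; it is not HijackThis or ComboFix code.  It
parses a few HJT line types (O2, O3, O23, O24) and flags the patterns the
rogue "Windows Antivirus Pro" left in the log posted above: services with no
binary on disk, service short names built by gluing legitimate service names
together, orphaned browser entries, Active Desktop components, and BHO DLLs
that ComboFix later removed.
"""
import re

# Constructed sample: lines copied from the posted HJT log, rogue and
# legitimate mixed, so the filters have both kinds of entry to work on.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O23 - Service: Application Management AppMgmtMSDTC (AppMgmtMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Security Accounts Manager SamSsgusvc (SamSsgusvc) - Unknown owner - .exe (file missing)
O23 - Service: Portable Media Serial Number Service WmdmPmSNNetDDELmHosts (WmdmPmSNNetDDELmHosts) - Unknown owner - .exe (file missing)
O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm
"""

# Assumed subset of service short names that legitimately exist on the
# machine in the thread: Windows XP built-ins plus the third-party services
# visible in the log.  The rogue's bogus service names concatenate these.
KNOWN_SERVICES = {
    "AppMgmt", "MSDTC", "FastUserSwitchingCompatibility", "Dnscache",
    "mnmsrvc", "JavaQuickStarterService", "MSIServer", "Netman", "NetDDE",
    "LmHosts", "SamSs", "gusvc", "WmdmPmSN",
}

# Paths from the "Other Deletions" section of the ComboFix log posted later
# in the thread (lower-cased), used to correlate HJT entries with removals.
DELETED_BY_COMBOFIX = {
    r"c:\windows\system32\dddesot.dll",
    r"c:\windows\system32\desot.exe",
    r"c:\windows\svchast.exe",
}

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.*)$"
)
O2_O3_RE = re.compile(
    r"^O(?P<kind>2|3) - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$"
)


def split_known(name, known=KNOWN_SERVICES):
    """Return the known service names that, concatenated, spell `name`
    (two or more parts), or None.  Detects names such as AppMgmtMSDTC."""
    def rec(s):
        if s == "":
            return []
        for k in known:
            if s.startswith(k):
                rest = rec(s[len(k):])
                if rest is not None:
                    return [k] + rest
        return None

    parts = rec(name)
    return parts if parts and len(parts) >= 2 else None


def triage(log_text):
    """Return (item, reason) pairs for HJT lines that deserve attention."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            short = m.group("short") or m.group("display")
            if "(file missing)" in m.group("path"):
                findings.append((short, "service registered but its binary is missing"))
            parts = split_known(short)
            if parts:
                findings.append((short, "name is a concatenation of known services: " + "+".join(parts)))
            continue
        m = O2_O3_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)":
                findings.append((m.group("name"), "orphaned browser entry (no file on disk)"))
            elif path.lower() in DELETED_BY_COMBOFIX:
                findings.append((m.group("name"), "DLL is on the ComboFix deletion list: " + path))
            continue
        if line.startswith("O24 - Desktop Component"):
            findings.append((line, "Active Desktop component; check what the local .htm displays"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{item:45} {reason}")
```

Run it as a script to see the flagged entries; legitimate lines such as the AVG watchdog, the Dell printer service and the Java BHO produce no finding, which is the point of checking against known names rather than flagging every "Unknown owner". The concatenation check is the most specific of the heuristics: a real service short name is never spelled by joining two others, so a match is strong evidence of a fabricated entry even when the file-missing marker is absent.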

Re: Windows Antivirus Pro

Post by Shaba » August 21st, 2009, 12:13 am

Hi kmilne

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Windows Antivirus Pro

Post by Pi&Chips » August 21st, 2009, 4:00 am

Thanks Shaba

Combofix and new HJT logs, as instructed...

ComboFix 09-08-20.03 - Geoff 21/08/2009 8:34.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.640 [GMT 1:00]
Running from: c:\documents and settings\Geoff\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Geoff\Start Menu\Programs\Windows Antivirus Pro
c:\documents and settings\Geoff\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
c:\program files\Windows Antivirus Pro
c:\program files\Windows Antivirus Pro\msvcm80.dll
c:\program files\Windows Antivirus Pro\msvcp80.dll
c:\program files\Windows Antivirus Pro\msvcr80.dll
c:\program files\Windows Antivirus Pro\tmp\dbsinit.exe
c:\program files\Windows Antivirus Pro\Windows Antivirus Pro.exe
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\svchast.exe
c:\windows\system32\bennuar.old
c:\windows\system32\bincd32.dat
c:\windows\system32\dddesot.dll
c:\windows\system32\desot.exe
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\tapi.nfo
c:\windows\system32\tmp.reg
c:\windows\system32\wispex.html

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AntipPro2009_100
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-12 06:57 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 07:44 . 2009-04-23 10:28 117760 ----a-w- c:\documents and settings\Geoff\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-05 09:01 . 2004-08-10 11:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:26 . 2009-07-16 19:30 117760 ----a-w- c:\documents and settings\Lin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-28 06:43 . 2009-05-13 07:32 3429299 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-07-27 22:21 . 2009-07-28 06:43 1588224 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-07-27 14:43 . 2009-07-27 16:44 1587712 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-07-24 17:43 . 2009-07-26 15:44 1586176 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-24 09:05 . 2008-07-21 22:51 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 19:01 . 2004-08-10 11:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 19:29 . 2009-07-16 19:29 -------- d-----w- c:\documents and settings\Lin\Application Data\SUPERAntiSpyware.com
2009-07-13 22:43 . 2004-08-10 11:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 11:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 13:10 . 2009-06-30 13:26 2710528 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-06-29 18:14 . 2009-06-30 08:17 1547264 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-06-29 09:01 . 2008-07-21 22:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 09:01 . 2008-07-21 22:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2004-08-10 11:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 11:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-10 11:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 11:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2004-08-10 12:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 11:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 11:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 17:33 . 2009-06-04 06:09 1494016 ----a-w- c:\windows\Internet Logs\xDB2.tmp
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-04 04:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-22_21.47.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 07:41 . 2009-08-21 07:41 16384 c:\windows\Temp\Perflib_Perfdata_680.dat
+ 2009-04-23 09:30 . 2009-02-15 23:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-04-23 09:30 . 2008-11-17 01:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-04-23 09:30 . 2009-02-15 23:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 69000 c:\windows\system32\zlcomm.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 35208 c:\windows\system32\vswmi.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 58248 c:\windows\system32\vsregexp.dll
+ 2008-07-22 08:36 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-10-27 12:47 . 2009-01-07 17:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-10 11:51 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
+ 2004-08-10 11:51 . 2009-08-18 17:38 53436 c:\windows\system32\perfc009.dat
- 2004-08-10 11:51 . 2009-04-18 19:13 53436 c:\windows\system32\perfc009.dat
- 2006-06-29 07:05 . 2006-06-29 07:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 07:05 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-28 16:59 . 2006-06-28 16:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-28 16:59 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-10 11:51 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
- 2004-08-10 11:51 . 2007-08-13 17:01 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-10 11:51 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
- 2004-08-10 11:51 . 2007-08-13 17:32 45568 c:\windows\system32\mshta.exe
+ 2004-08-10 11:51 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
+ 2007-08-13 17:36 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 17:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 12:01 . 2004-08-04 04:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2004-08-10 11:51 . 2009-03-08 03:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-10 11:51 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 11:51 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-10 11:51 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
+ 2007-08-13 17:39 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-10 11:51 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-10 11:51 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 07:05 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 07:05 . 2006-06-29 07:05 26112 c:\windows\system32\idndl.dll
+ 2007-08-13 17:36 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2009-06-12 14:17 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2008-04-21 07:03 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 17:01 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-13 17:01 . 2007-08-13 17:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-04-21 07:03 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:32 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2007-08-13 17:32 . 2007-08-13 17:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-07-28 09:13 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 17:44 . 2009-03-08 03:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-21 07:03 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:03 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 17:36 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2008-07-28 09:13 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-07-28 09:13 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 17:39 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 17:39 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2008-07-28 09:13 . 2009-03-08 03:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-13 17:18 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2007-08-13 17:39 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-10 11:50 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
+ 2003-03-18 20:05 . 2003-03-18 20:05 89088 c:\windows\system32\atl71.dll
+ 2004-08-10 11:50 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
+ 2009-04-23 09:29 . 2009-04-23 09:29 62464 c:\windows\Installer\5918f9.msi
+ 2009-05-01 19:51 . 2009-05-01 19:51 24064 c:\windows\Installer\4acacd.msi
+ 2009-04-23 08:22 . 2009-04-23 08:22 25214 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A70000000000}\SC_Reader.exe
+ 2009-07-29 07:35 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-29 07:35 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-29 07:35 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-06-12 14:17 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-06-12 14:17 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
+ 2009-06-12 14:16 . 2009-03-08 13:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-06-12 14:14 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
+ 2009-06-12 14:14 . 2007-08-13 17:01 48128 c:\windows\ie8\mshtmler.dll
+ 2009-06-12 14:14 . 2007-08-13 17:32 45568 c:\windows\ie8\mshta.exe
+ 2009-06-12 14:14 . 2007-08-13 17:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-06-12 14:14 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-06-12 14:14 . 2007-08-13 17:44 40960 c:\windows\ie8\licmgr10.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
+ 2009-06-12 14:14 . 2007-08-13 17:39 92672 c:\windows\ie8\inseng.dll
+ 2009-06-12 14:14 . 2007-08-13 17:36 36352 c:\windows\ie8\imgutil.dll
+ 2009-06-12 14:14 . 2007-08-13 17:39 55296 c:\windows\ie8\iesetup.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
+ 2009-06-12 14:14 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-06-12 14:14 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
+ 2009-06-12 14:14 . 2007-08-13 17:18 60416 c:\windows\ie8\hmmapi.dll
+ 2009-06-12 14:14 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2009-06-12 14:14 . 2007-08-13 17:39 71680 c:\windows\ie8\admparse.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2009-06-10 07:40 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2009-06-10 07:40 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2009-06-10 07:40 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2009-06-10 07:40 . 2009-02-20 18:09 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
+ 2009-07-15 20:49 . 2008-04-14 00:11 80896 c:\windows\$NtUninstallKB961371$\fontsub.dll
+ 2009-07-15 20:51 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll
+ 2009-07-15 20:51 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973346\spmsg.dll
+ 2009-07-15 20:51 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
+ 2009-07-15 20:51 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll
+ 2009-06-12 14:17 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB971180-IE8\update\spcustom.dll
+ 2009-06-12 14:17 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB971180-IE8\spmsg.dll
+ 2009-06-10 07:41 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2009-06-10 07:41 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2009-06-10 07:42 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll
+ 2009-06-10 07:42 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll
+ 2009-06-12 14:17 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969897-IE8\update\spcustom.dll
+ 2009-06-12 14:17 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969897-IE8\spmsg.dll
+ 2009-06-12 14:17 . 2009-04-30 21:22 12800 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\xpshims.dll
+ 2009-06-12 14:17 . 2009-04-30 21:22 25600 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\jsproxy.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB969897-IE7\update\spcustom.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB969897-IE7\spmsg.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\pngfilt.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 52224 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeedsbs.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 27648 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\jsproxy.dll
+ 2009-04-28 09:56 . 2009-04-28 09:56 13824 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieudinit.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iernonce.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 78336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieencode.dll
+ 2009-04-28 09:56 . 2009-04-28 09:56 70656 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ie4uinit.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 63488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\icardie.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2009-06-10 07:42 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2009-06-10 07:42 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2009-07-15 20:49 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll
+ 2009-07-15 20:49 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB961371\spmsg.dll
+ 2009-06-16 14:43 . 2009-06-16 14:43 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2009-04-23 09:30 . 2009-04-23 09:30 4212 c:\windows\system32\zllictbl.dat
+ 2008-09-16 15:24 . 2008-01-18 15:13 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat
+ 2008-09-16 15:24 . 2008-01-18 15:13 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
+ 2009-06-12 14:17 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB971180-IE8\iecompat.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 04:23 . 2008-07-29 04:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 04:23 . 2008-07-29 04:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 02:51 . 2008-07-29 02:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-04-23 09:29 . 2009-02-15 23:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-04-23 09:30 . 2007-10-11 15:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-04-23 09:30 . 2008-11-17 01:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-04-23 09:30 . 2008-11-17 01:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-04-23 09:29 . 2009-02-04 17:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-04-23 09:30 . 2008-03-17 15:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 103816 c:\windows\system32\zlcommdb.dll
- 2008-07-28 09:11 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2008-07-28 09:11 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
+ 2007-08-13 17:45 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-10 11:51 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 109960 c:\windows\system32\vsxml.dll
+ 2009-04-23 09:29 . 2009-02-15 23:10 482184 c:\windows\system32\vsutil.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-04-23 09:29 . 2009-02-15 23:10 229256 c:\windows\system32\vsinit.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-04-23 09:29 . 2009-02-15 23:10 110472 c:\windows\system32\vsdata.dll
+ 2004-08-10 11:51 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
- 2004-08-10 11:51 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2004-08-10 11:51 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
+ 2004-08-10 11:51 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2004-08-10 11:51 . 2009-08-18 17:38 381692 c:\windows\system32\perfh009.dat
- 2004-08-10 11:51 . 2009-04-18 19:13 381692 c:\windows\system32\perfh009.dat
+ 2004-08-10 11:51 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2004-08-10 11:51 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-10 11:51 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
- 2004-08-10 11:51 . 2007-08-13 17:54 156160 c:\windows\system32\msls31.dll
+ 2004-08-10 11:51 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2007-08-13 17:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-10 11:51 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2004-08-10 11:51 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2007-08-13 17:54 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-10 11:51 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 11:51 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 11:27 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 11:51 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-10 11:51 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-10 11:51 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-10 11:51 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 11:57 . 2009-06-10 07:56 142032 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 11:57 . 2009-03-15 15:42 142032 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 11:51 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2004-08-10 11:51 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
+ 2004-08-10 11:51 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-10 11:51 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-07-21 22:51 . 2009-05-08 16:48 108552 c:\windows\system32\drivers\avgtdix.sys
+ 2008-09-16 15:25 . 2009-07-13 22:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-21 07:04 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 17:54 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 17:54 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2007-08-13 17:44 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 17:44 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-08-13 17:44 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-21 07:03 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-21 07:03 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 17:54 . 2007-08-13 17:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 17:54 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-07-28 09:13 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2008-05-09 10:53 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 17:43 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-06-12 14:17 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-21 07:03 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 17:39 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-06-12 14:16 . 2009-05-12 05:11 102912 c:\windows\system32\dllcache\iecompat.dll
+ 2008-07-28 09:13 . 2009-03-08 03:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 16:56 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 17:39 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 17:39 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 17:39 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-21 07:03 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2008-04-21 07:03 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2008-04-21 07:03 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 17:39 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 11:50 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2008-09-16 15:23 . 2004-08-04 04:00 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-09-16 15:23 . 2004-08-04 04:00 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2005-04-28 11:39 . 2005-04-28 11:39 198144 c:\windows\Installer\a445.msi
+ 2005-04-28 11:39 . 2005-04-28 11:39 843776 c:\windows\Installer\a437.msi
+ 2005-04-28 11:37 . 2005-04-28 11:37 256000 c:\windows\Installer\a429.msi
+ 2005-04-28 11:36 . 2005-04-28 11:36 171008 c:\windows\Installer\a413.msi
+ 2009-01-03 17:18 . 2009-01-03 17:18 562176 c:\windows\Installer\8c4c7.msi
+ 2004-08-10 12:08 . 2004-08-10 12:08 264704 c:\windows\Installer\7506.msi
+ 2008-07-21 22:51 . 2008-07-21 22:51 337408 c:\windows\Installer\383fb.msi
+ 2005-04-28 11:31 . 2005-04-28 11:31 112128 c:\windows\Installer\1181e.msi
+ 2005-04-28 11:31 . 2005-04-28 11:31 383488 c:\windows\Installer\1181a.msi
+ 2005-04-28 11:31 . 2005-04-28 11:31 275968 c:\windows\Installer\1180e.msi
+ 2005-04-28 11:29 . 2005-04-28 11:29 637440 c:\windows\Installer\11801.msi
+ 2009-07-29 07:35 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-29 07:35 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-29 07:35 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-29 07:35 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-29 07:35 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-29 07:35 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-29 07:35 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-29 07:35 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-29 07:35 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-06-12 14:17 . 2007-11-30 12:39 382840 c:\windows\ie8updates\KB971180-IE8\spuninst\updspapi.dll
+ 2009-06-12 14:17 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB971180-IE8\spuninst\spuninst.exe
+ 2009-06-12 14:17 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-06-12 14:17 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-06-12 14:17 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-06-12 14:17 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-06-12 14:17 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-06-12 14:17 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2009-06-12 14:14 . 2009-04-29 04:56 827392 c:\windows\ie8\wininet.dll
+ 2009-06-12 14:14 . 2007-08-13 17:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-06-12 14:14 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
+ 2009-06-12 14:14 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2009-06-12 14:14 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-06-12 14:14 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
+ 2009-06-12 14:16 . 2009-01-07 17:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-06-12 14:16 . 2009-01-07 17:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-06-12 14:14 . 2006-09-06 16:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-06-12 14:14 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
+ 2009-06-12 14:14 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
+ 2009-06-12 14:14 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
+ 2009-06-12 14:14 . 2007-08-13 17:54 156160 c:\windows\ie8\msls31.dll
+ 2009-06-12 14:14 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
+ 2009-06-12 14:14 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-06-12 14:14 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
+ 2009-06-12 14:14 . 2007-08-13 17:54 180736 c:\windows\ie8\ieui.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
+ 2009-06-12 14:14 . 2007-08-13 17:54 287744 c:\windows\ie8\ieproxy.dll
+ 2009-06-12 14:14 . 2007-08-13 17:54 191488 c:\windows\ie8\iepeers.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
+ 2009-06-12 14:14 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
+ 2009-06-10 07:40 . 2009-03-03 00:18 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-10 07:40 . 2009-02-20 18:09 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-10 07:40 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-10 07:40 . 2009-02-20 18:09 268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-10 07:40 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2009-07-15 20:51 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973346$\spuninst\updspapi.dll
+ 2009-07-15 20:51 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe
+ 2009-07-15 20:51 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB971633$\spuninst\updspapi.dll
+ 2009-07-15 20:51 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe
+ 2009-06-10 07:41 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll
+ 2009-06-10 07:41 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe
+ 2009-06-10 07:41 . 2008-04-14 00:12 584704 c:\windows\$NtUninstallKB970238$\rpcrt4.dll
+ 2009-06-10 07:42 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll
+ 2009-06-10 07:42 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe
+ 2009-06-10 07:40 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe
+ 2009-06-10 07:42 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
+ 2009-06-10 07:42 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2009-06-10 07:42 . 2008-04-14 00:11 343040 c:\windows\$NtUninstallKB961501$\localspl.dll
+ 2009-07-15 20:49 . 2008-04-14 00:12 117760 c:\windows\$NtUninstallKB961371$\t2embed.dll
+ 2009-07-15 20:49 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB961371$\spuninst\updspapi.dll
+ 2009-07-15 20:49 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe
+ 2009-07-15 20:51 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973346\update\updspapi.dll
+ 2009-07-15 20:51 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973346\update\update.exe
+ 2009-07-15 20:51 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973346\spuninst.exe
+ 2009-07-15 20:51 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB971633\update\updspapi.dll
+ 2009-07-15 20:51 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB971633\update\update.exe
+ 2009-07-15 20:51 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971633\spuninst.exe
+ 2009-06-12 14:17 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB971180-IE8\update\updspapi.dll
+ 2009-06-12 14:17 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB971180-IE8\update\update.exe
+ 2009-06-12 14:17 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB971180-IE8\spuninst.exe
+ 2009-06-12 14:16 . 2009-05-12 05:11 102912 c:\windows\$hf_mig$\KB971180-IE8\SP3QFE\iecompat.dll
+ 2009-06-10 07:41 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2009-06-10 07:41 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2009-06-10 07:41 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-06-10 07:42 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll
+ 2009-06-10 07:42 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe
+ 2009-06-10 07:42 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe
+ 2009-06-12 14:17 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB969897-IE8\update\updspapi.dll
+ 2009-06-12 14:17 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969897-IE8\update\update.exe
+ 2009-06-12 14:17 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969897-IE8\spuninst.exe
+ 2009-06-12 14:17 . 2009-05-13 05:10 915456 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
+ 2009-06-12 14:17 . 2009-04-30 21:22 246272 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ieproxy.dll
+ 2009-06-12 14:17 . 2009-04-30 21:22 385536 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\iedkcs32.dll
+ 2009-06-12 14:17 . 2009-04-30 10:47 173056 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ie4uinit.exe
+ 2009-06-10 07:40 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB969897-IE7\update\updspapi.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB969897-IE7\update\update.exe
+ 2009-06-10 07:40 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB969897-IE7\spuninst.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 828928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 233472 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\webcheck.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 105984 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\url.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 102912 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\occache.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 671232 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mstime.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 193024 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msrating.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 477696 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtmled.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 459264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeeds.dll
+ 2009-04-25 05:27 . 2009-04-25 05:27 636088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 268288 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iertutil.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 388608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iedkcs32.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 380928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dll
+ 2009-04-25 05:26 . 2009-04-25 05:26 161792 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakui.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 230400 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieaksie.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 153088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakeng.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 132608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\extmgr.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 214528 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtrans.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 347136 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtmsft.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 124928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\advpack.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2009-06-10 07:40 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2009-06-10 07:40 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2009-06-10 07:42 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2009-06-10 07:42 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2009-06-10 07:42 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-07-15 20:49 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371\update\updspapi.dll
+ 2009-07-15 20:49 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371\update\update.exe
+ 2009-07-15 20:49 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB961371\spuninst.exe
+ 2009-06-16 14:43 . 2009-06-16 14:43 119808 c:\windows\$hf_mig$\KB961371\SP3QFE\t2embed.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 1221512 c:\windows\system32\zpeng25.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-04-23 09:30 . 2008-11-17 01:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll
+ 2009-04-23 09:30 . 2009-02-15 23:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2004-08-10 11:51 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2004-08-10 11:51 . 2004-08-04 04:00 1326080 c:\windows\system32\webfldrs.msi
+ 2004-08-10 11:51 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-10 11:51 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2008-03-20 17:06 . 2008-03-20 17:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2007-08-13 17:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2007-02-12 15:10 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-10-16 16:16 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-21 07:04 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-06-10 08:19 . 2009-06-10 08:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2008-04-21 07:03 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2008-07-28 09:13 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2008-07-28 09:13 . 2009-02-06 20:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 17:20 . 2009-01-07 17:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2008-07-21 22:13 . 2005-04-28 11:28 9946112 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
+ 2008-09-16 15:25 . 2004-08-04 04:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-09-16 15:24 . 2004-08-04 04:00 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 11:08 . 2007-05-25 11:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2005-04-28 11:35 . 2005-04-28 11:35 1989632 c:\windows\Installer\a40b.msi
+ 2005-04-28 11:33 . 2005-04-28 11:33 3924992 c:\windows\Installer\a403.msi
+ 2009-04-18 19:22 . 2009-04-18 19:22 1516544 c:\windows\Installer\9b6b4.msi
+ 2004-08-10 12:09 . 2004-08-10 12:10 3443712 c:\windows\Installer\50c4.msi
+ 2009-04-23 08:22 . 2009-04-23 08:22 2727936 c:\windows\Installer\1a3482.msi
+ 2005-04-28 11:31 . 2005-04-28 11:31 3134464 c:\windows\Installer\11813.msi
+ 2005-04-28 11:30 . 2005-04-28 11:30 1914880 c:\windows\Installer\11808.msi
+ 2009-07-29 07:35 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-29 07:35 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-29 07:35 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-06-12 14:17 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-06-12 14:17 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-06-12 14:17 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
+ 2009-06-12 14:14 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
+ 2009-06-12 14:14 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
+ 2009-06-12 14:14 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
+ 2009-06-12 14:14 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2009-06-10 07:40 . 2009-02-20 18:09 1160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 3595264 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-06-10 07:40 . 2009-02-20 18:09 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-06-10 07:40 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2009-07-15 20:51 . 2008-12-20 22:14 1288192 c:\windows\$NtUninstallKB971633$\quartz.dll
+ 2009-06-10 07:40 . 2009-02-09 11:13 1846784 c:\windows\$NtUninstallKB968537$\win32k.sys
+ 2009-06-03 19:12 . 2009-06-03 19:12 1291264 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll
+ 2009-06-12 14:17 . 2009-04-30 21:22 1207808 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\urlmon.dll
+ 2009-06-12 14:17 . 2009-05-13 05:10 5936128 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
+ 2009-06-12 14:17 . 2009-04-30 21:22 1985024 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\iertutil.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 1163264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\urlmon.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 3598336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 6069248 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieframe.dll
+ 2009-06-10 06:59 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dat
+ 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2009-04-23 09:30 . 2008-12-15 00:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-04-23 09:30 . 2008-12-15 00:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat
+ 2004-08-10 11:51 . 2009-07-13 22:43 10841088 c:\windows\system32\wmp.dll
+ 2008-07-28 09:05 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2007-08-13 17:54 . 2009-07-19 17:48 11067392 c:\windows\system32\ieframe.dll
+ 2008-09-16 15:25 . 2009-07-13 22:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2008-07-28 09:13 . 2009-07-19 17:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2005-04-28 11:35 . 2005-04-28 11:35 12298752 c:\windows\Installer\a40f.msi
+ 2008-07-22 10:25 . 2008-07-22 10:25 15256576 c:\windows\Installer\432d2a.msp
+ 2004-08-10 12:10 . 2004-08-10 12:10 19204096 c:\windows\Installer\1599f.msp
+ 2009-07-29 07:35 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
+ 2009-06-12 14:17 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
+ 2009-06-12 14:17 . 2009-05-01 14:22 11064832 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-07 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-04-28 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-28 26112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-7-22 962660]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\windows\system32\onhelp.htm
FriendlyName= tets

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 09:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/07/2008 23:51 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/07/2008 23:51 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 11:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 11:43 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/07/2008 08:26 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/07/2008 08:26 298776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 11:43 7408]
S2 AppMgmtMSDTC;Application Management AppMgmtMSDTC; srv --> srv [?]
S2 FastUserSwitchingCompatibilityDnscache;Fast User Switching Compatibility FastUserSwitchingCompatibilityDnscache; srv --> srv [?]
S2 mnmsrvcJavaQuickStarterService;NetMeeting Remote Desktop Sharing mnmsrvcJavaQuickStarterService; srv --> srv [?]
S2 MSIServerNetman;Windows Installer MSIServerNetman; srv --> srv [?]
S2 NetDDELmHosts;Network DDE NetDDELmHosts; srv -->  srv [?]
S2 SamSsgusvc;Security Accounts Manager SamSsgusvc; srv --> srv [?]
S2 WmdmPmSNNetDDELmHosts;Portable Media Serial Number Service WmdmPmSNNetDDELmHosts; srv --> srv [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [21/07/2008 23:27 20160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/com ... MediaX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 08:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmtMSDTC]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityDnscache]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvcJavaQuickStarterService]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServerNetman]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDELmHosts]
"ImagePath"="\01\0b srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSsgusvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNNetDDELmHosts]
"ImagePath"=" srv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\icq6s.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\ProgID]
@DACL=(02 0000)
@="sa_client.HelloWorldBHO.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\TypeLib]
@DACL=(02 0000)
@="{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\VersionIndependentProgID]
@DACL=(02 0000)
@="sa_client.HelloWorldBHO"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\TypeLib]
@DACL=(02 0000)
@="{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\TypeLib]
@DACL=(02 0000)
@="{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\sa_client.HelloWorldBHO\CLSID]
@DACL=(02 0000)
@="{359A2ABB-6050-47F1-8642-EFF82F23A4F4}"

[HKEY_LOCAL_MACHINE\software\Classes\sa_client.HelloWorldBHO\CurVer]
@DACL=(02 0000)
@="sa_client.HelloWorldBHO.1"

[HKEY_LOCAL_MACHINE\software\Classes\sa_client.HelloWorldBHO.1\CLSID]
@DACL=(02 0000)
@="{359A2ABB-6050-47F1-8642-EFF82F23A4F4}"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0]
@DACL=(02 0000)
@="btb 1.0 Type Library"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2716)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
.
**************************************************************************
.
Completion time: 2009-08-21 8:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 07:47
ComboFix2.txt 2009-04-22 21:49

Pre-Run: 60,049,977,344 bytes free
Post-Run: 60,333,400,064 bytes free

763 --- E O F --- 2009-08-12 08:20



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:49, on 21/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/com ... MediaX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Application Management AppMgmtMSDTC (AppMgmtMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilityDnscache (FastUserSwitchingCompatibilityDnscache) - Unknown owner - .exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcJavaQuickStarterService (mnmsrvcJavaQuickStarterService) - Unknown owner - .exe (file missing)
O23 - Service: Windows Installer MSIServerNetman (MSIServerNetman) - Unknown owner - .exe (file missing)
O23 - Service: Network DDE NetDDELmHosts (NetDDELmHosts) - Unknown owner -  .exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Security Accounts Manager SamSsgusvc (SamSsgusvc) - Unknown owner - .exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Portable Media Serial Number Service WmdmPmSNNetDDELmHosts (WmdmPmSNNetDDELmHosts) - Unknown owner - .exe (file missing)
O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm

--
End of file - 8654 bytes
Pi&Chips
Regular Member
 
Posts: 276
Joined: December 1st, 2007, 7:30 am
Location: Garden of England

Re: Windows Antivirus Pro

Unread postby Shaba » August 21st, 2009, 4:27 am

Have you patched tcpip.sys with some program?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Windows Antivirus Pro

Unread postby Pi&Chips » August 21st, 2009, 5:43 am

I've done nothing to this computer other than running hjt and combofix. What is tcpip.sys and how might it have been patched?
Pi&Chips
Regular Member
 
Posts: 276
Joined: December 1st, 2007, 7:30 am
Location: Garden of England

Re: Windows Antivirus Pro

Unread postby Pi&Chips » August 21st, 2009, 6:04 am

I have spoken to the owner of the computer, and he is not aware of having done anything to patch tcpip.sys. All he does, he says, is browse the web and use email. Having said that, his son used the computer recently, and of course denies doing anything suspect...
Pi&Chips
Regular Member
 
Posts: 276
Joined: December 1st, 2007, 7:30 am
Location: Garden of England

Re: Windows Antivirus Pro

Unread postby Shaba » August 21st, 2009, 6:12 am

Thank you for the update.

Please upload this file - c:\windows\system32\drivers\tcpip.sys to http://virusscan.jotti.org and post back results.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Windows Antivirus Pro

Unread postby Pi&Chips » August 21st, 2009, 2:04 pm

Hi Shaba

Jotti's scanners have found nothing

Keith
Pi&Chips
Regular Member
 
Posts: 276
Joined: December 1st, 2007, 7:30 am
Location: Garden of England

Re: Windows Antivirus Pro

Unread postby Shaba » August 21st, 2009, 2:30 pm

So then we can assume that it is not bad.

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Windows Antivirus Pro

Unread postby Pi&Chips » August 21st, 2009, 4:05 pm

gmer log, as requested...

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 21:00:33
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xED948FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xED945C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xED960170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xED949580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xED95D900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xED95DB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xED961B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xED949670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xED946210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xED9609F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xED9607A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xED95D280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xED960F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xED960F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xED946070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xED95F180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xED95EF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xED9616F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xED961150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xED948BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xED961540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xED949190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xED946440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xED9604E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xED95E200]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED8ECF20]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, 95, 94, ED, 00, D9, 95, ...] {ADC BYTE [EBP-0x26ff126c], 0x95; IN EAX, DX; ADC BL, BL; XCHG EBP, EAX; IN EAX, DX}
? srescan.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [ED94DB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [ED94D930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [ED94E260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [ED94BE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [ED94BE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [ED94DB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [ED94D930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [ED94E260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [ED94DB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [ED94BE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [ED94E260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [ED94D930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ED94E260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ED94D930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ED94DB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [ED966B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ED94BE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ED94DB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ED94D930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ED94E260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [ED94DB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [ED94BE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [ED94E260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [ED94D930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [ED9468D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [ED946A80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [ED9465E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [ED946980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\InprocServer32@ C:\WINDOWS\system32\icq6s.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\ProgID@ sa_client.HelloWorldBHO.1
Reg HKLM\SOFTWARE\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\TypeLib@ {F7B81DF7-95B2-4ACA-89E0-689AF3B05777}
Reg HKLM\SOFTWARE\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\VersionIndependentProgID@ sa_client.HelloWorldBHO
Reg HKLM\SOFTWARE\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\TypeLib@ {F7B81DF7-95B2-4ACA-89E0-689AF3B05777}
Reg HKLM\SOFTWARE\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\TypeLib@Version 1.0
Reg HKLM\SOFTWARE\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\TypeLib@ {F7B81DF7-95B2-4ACA-89E0-689AF3B05777}
Reg HKLM\SOFTWARE\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\TypeLib@Version 1.0
Reg HKLM\SOFTWARE\Classes\sa_client.HelloWorldBHO\CLSID@ {359A2ABB-6050-47F1-8642-EFF82F23A4F4}
Reg HKLM\SOFTWARE\Classes\sa_client.HelloWorldBHO\CurVer@ sa_client.HelloWorldBHO.1
Reg HKLM\SOFTWARE\Classes\sa_client.HelloWorldBHO.1\CLSID@ {359A2ABB-6050-47F1-8642-EFF82F23A4F4}
Reg HKLM\SOFTWARE\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0@ btb 1.0 Type Library
Reg HKLM\SOFTWARE\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0\0\win32
Reg HKLM\SOFTWARE\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0\0\win32@ C:\WINDOWS\system32\icq6s.dll
Reg HKLM\SOFTWARE\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0\FLAGS@ 0
Reg HKLM\SOFTWARE\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0\HELPDIR
Reg HKLM\SOFTWARE\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0\HELPDIR@ C:\WINDOWS\system32\

---- EOF - GMER 1.0.15 ----
Pi&Chips
Regular Member
 
Posts: 276
Joined: December 1st, 2007, 7:30 am
Location: Garden of England

Re: Windows Antivirus Pro

Unread postby Shaba » August 22nd, 2009, 5:16 am

Open notepad and copy/paste the text in the codebox below into it:

Code:
Driver::
AppMgmtMSDTC
FastUserSwitchingCompatibilityDnscache
mnmsrvcJavaQuickStarterService
MSIServerNetman
NetDDELmHosts
SamSsgusvc
WmdmPmSNNetDDELmHosts


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Windows Antivirus Pro

Unread postby Pi&Chips » August 22nd, 2009, 8:55 am

Thanks Shaba

Combofix worked without a hitch. Logs from this and HJT follow...

ComboFix 09-08-20.03 - Geoff 22/08/2009 13:37.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.544 [GMT 1:00]
Running from: c:\documents and settings\Geoff\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Geoff\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPMGMTMSDTC
-------\Legacy_FASTUSERSWITCHINGCOMPATIBILITYDNSCACHE
-------\Legacy_MNMSRVCJAVAQUICKSTARTERSERVICE
-------\Legacy_MSISERVERNETMAN
-------\Legacy_NETDDELMHOSTS
-------\Legacy_SAMSSGUSVC
-------\Legacy_WMDMPMSNNETDDELMHOSTS
-------\Service_AppMgmtMSDTC
-------\Service_FastUserSwitchingCompatibilityDnscache
-------\Service_mnmsrvcJavaQuickStarterService
-------\Service_MSIServerNetman
-------\Service_NetDDELmHosts
-------\Service_SamSsgusvc
-------\Service_WmdmPmSNNetDDELmHosts


((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-12 06:57 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 12:45 . 2009-04-23 10:28 117760 ----a-w- c:\documents and settings\Geoff\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-05 09:01 . 2004-08-10 11:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:26 . 2009-07-16 19:30 117760 ----a-w- c:\documents and settings\Lin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-28 06:43 . 2009-05-13 07:32 3429299 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-07-27 22:21 . 2009-07-28 06:43 1588224 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-07-27 14:43 . 2009-07-27 16:44 1587712 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-07-24 17:43 . 2009-07-26 15:44 1586176 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-24 09:05 . 2008-07-21 22:51 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 19:01 . 2004-08-10 11:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 19:29 . 2009-07-16 19:29 -------- d-----w- c:\documents and settings\Lin\Application Data\SUPERAntiSpyware.com
2009-07-13 22:43 . 2004-08-10 11:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 11:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 13:10 . 2009-06-30 13:26 2710528 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-06-29 18:14 . 2009-06-30 08:17 1547264 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-06-29 09:01 . 2008-07-21 22:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 09:01 . 2008-07-21 22:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2004-08-10 11:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 11:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-10 11:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 11:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2004-08-10 12:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 11:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 11:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 17:33 . 2009-06-04 06:09 1494016 ----a-w- c:\windows\Internet Logs\xDB2.tmp
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-04 04:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-08-21_07.43.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 12:43 . 2009-08-22 12:43 16384 c:\windows\Temp\Perflib_Perfdata_678.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-07 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-04-28 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-28 26112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-7-22 962660]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\windows\system32\onhelp.htm
FriendlyName= tets

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 09:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/07/2008 23:51 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/07/2008 23:51 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 11:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 11:43 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/07/2008 08:26 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/07/2008 08:26 298776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 11:43 7408]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [21/07/2008 23:27 20160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/com ... MediaX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 13:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\icq6s.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\ProgID]
@DACL=(02 0000)
@="sa_client.HelloWorldBHO.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\TypeLib]
@DACL=(02 0000)
@="{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\VersionIndependentProgID]
@DACL=(02 0000)
@="sa_client.HelloWorldBHO"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{101FF1D7-FD1F-4ECB-941E-FE40F5D77F8F}\TypeLib]
@DACL=(02 0000)
@="{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{633ABCEE-4C68-40E3-87FA-C1AD5A6FB398}\TypeLib]
@DACL=(02 0000)
@="{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\sa_client.HelloWorldBHO\CLSID]
@DACL=(02 0000)
@="{359A2ABB-6050-47F1-8642-EFF82F23A4F4}"

[HKEY_LOCAL_MACHINE\software\Classes\sa_client.HelloWorldBHO\CurVer]
@DACL=(02 0000)
@="sa_client.HelloWorldBHO.1"

[HKEY_LOCAL_MACHINE\software\Classes\sa_client.HelloWorldBHO.1\CLSID]
@DACL=(02 0000)
@="{359A2ABB-6050-47F1-8642-EFF82F23A4F4}"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{F7B81DF7-95B2-4ACA-89E0-689AF3B05777}\1.0]
@DACL=(02 0000)
@="btb 1.0 Type Library"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
.
**************************************************************************
.
Completion time: 2009-08-22 13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 12:48
ComboFix2.txt 2009-08-21 07:47
ComboFix3.txt 2009-04-22 21:49

Pre-Run: 60,528,242,688 bytes free
Post-Run: 60,475,760,640 bytes free

230 --- E O F --- 2009-08-12 08:20




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:43, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/com ... MediaX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm

--
End of file - 7840 bytes
Pi&Chips
Regular Member
 
Posts: 276
Joined: December 1st, 2007, 7:30 am
Location: Garden of England
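The point of posting a fresh HijackThis log after every fix is to see what changed between runs. The script below does that comparison mechanically; it is an added example, not part of this thread and not code from Trend Micro's HijackThis. The two sample logs are constructed from a handful of lines in the format of the logs posted above, trimmed to keep the example short, and the entry prefixes (R0, O3, O4, O24 ...) are HijackThis's own.

```python
"""Compare two HijackThis v2 logs and report what changed.

Added example; not part of the thread and not HijackThis's own code.
The sample logs are constructed from lines in the format of those posted above.
"""
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path"; the
# letter+number prefix is the entry type HijackThis assigns (R0, O2, O4, O23 ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")


def parse_log(text):
    """Return (processes, entries): the 'Running processes:' block as a set of
    lower-cased paths, and every R*/F*/N*/O* entry line as a set of strings."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line ends the process block
                in_processes = False
            else:
                processes.add(line.lower())   # XP paths are case-insensitive
            continue
        if ENTRY_RE.match(line):
            entries.add(line)
    return processes, entries


def diff_logs(old_text, new_text):
    """Entries and processes present in only one of the two logs."""
    old_procs, old_entries = parse_log(old_text)
    new_procs, new_entries = parse_log(new_text)
    return {
        "entries_added": sorted(new_entries - old_entries),
        "entries_removed": sorted(old_entries - new_entries),
        "processes_added": sorted(new_procs - old_procs),
        "processes_removed": sorted(old_procs - new_procs),
    }


def orphan_entries(text):
    """Entries that still point at a file HijackThis could not find on disk.
    These are leftovers worth tidying but are not, by themselves, running code."""
    _, entries = parse_log(text)
    return sorted(e for e in entries if "(no file)" in e)


# Constructed sample logs (same format as the posted logs, cut down to a few lines).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:43, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:02, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm
"""

if __name__ == "__main__":
    for key, lines in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(key, lines)
    print("orphans", orphan_entries(AFTER_LOG))
```

Run on real logs, the interesting output is usually `entries_added`: a new O4 Run entry, O2 BHO or O23 service that was not there in the previous log is the first thing a helper will ask about. Entries that carry `(no file)` are listed separately because they are dead references rather than live loading points.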

Re: Windows Antivirus Pro

Unread postby Shaba » August 22nd, 2009, 12:13 pm

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Windows Antivirus Pro

Unread postby Pi&Chips » August 22nd, 2009, 3:46 pm

Here's the Kaspersky online scan, and a new HJT log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 22, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 22, 2009 19:51:49
Records in database: 2678126
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 55367
Threats found: 3
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 01:17:50


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\Qoobox\Quarantine\C\WINDOWS\svchast.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tapi.nfo.vir Infected: Trojan-Downloader.Win32.Small.ambv 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP255\A0086702.nfo Infected: Trojan-Downloader.Win32.Small.alwx 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0088536.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0088537.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0088541.nfo Infected: Trojan-Downloader.Win32.Small.ambv 1

Selected area has been scanned.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:02, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/com ... MediaX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm

--
End of file - 7879 bytes
Pi&Chips
Regular Member
 
Posts: 276
Joined: December 1st, 2007, 7:30 am
Location: Garden of England
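A Kaspersky report like the one above lists every object that matched a signature, but not every match is a live infection: files under ComboFix's Qoobox quarantine folder and inside System Restore points are already out of the running system. The script below parses the "File name / Threat / Threats count" section and sorts hits by location so that question is answered at a glance. It is an added example, not part of this thread and not code from Kaspersky; the sample report is cut down from the one posted above (same format, same seven hit lines), and the three location classes are my own.

```python
"""Triage the hit list of a Kaspersky Online Scanner 7.0 report.

Added example; not part of the thread and not Kaspersky's own code.
The location classes (quarantined / restore-point / live) are my own.
"""
import re
from collections import Counter

# One hit line: "<path> Infected: <threat name> <count>"
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"            # ComboFix quarantine folder
RESTORE_MARKER = "\\system volume information\\_restore"  # System Restore points


def classify(path):
    """Where a hit lives: 'quarantined', 'restore-point' or 'live'."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantined"
    if RESTORE_MARKER in p:
        return "restore-point"
    return "live"


def parse_hits(report):
    """Return one dict per hit line in the 'File name / Threat / Threats count' section."""
    hits, in_section = [], False
    for raw in report.splitlines():
        line = raw.rstrip()
        if line.startswith("File name / Threat / Threats count"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("Selected area has been scanned"):
            break
        m = HIT_RE.match(line)
        if m:                       # blank or unrecognised lines are skipped
            hits.append({
                "path": m.group("path"),
                "status": m.group("status"),
                "threat": m.group("threat"),
                "count": int(m.group("count")),
                "location": classify(m.group("path")),
            })
    return hits


def summarize(report):
    """Counts that can be checked against the report's own 'Scan statistics' block."""
    hits = parse_hits(report)
    return {
        "objects": len(hits),
        "threats": len({h["threat"] for h in hits}),
        "by_location": dict(Counter(h["location"] for h in hits)),
        "live_paths": [h["path"] for h in hits if h["location"] == "live"],
    }


# Sample report, cut down from the one posted in this thread.
SAMPLE_REPORT = r"""KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 22, 2009

Scan statistics:
Objects scanned: 55367
Threats found: 3
Infected objects found: 7
Suspicious objects found: 0


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\Qoobox\Quarantine\C\WINDOWS\svchast.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tapi.nfo.vir Infected: Trojan-Downloader.Win32.Small.ambv 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP255\A0086702.nfo Infected: Trojan-Downloader.Win32.Small.alwx 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0088536.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0088537.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0088541.nfo Infected: Trojan-Downloader.Win32.Small.ambv 1

Selected area has been scanned.
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

For the posted report the summary reproduces the scanner's own numbers (7 objects, 3 distinct threat names) and shows that all seven hits sit in quarantine or in restore points, with nothing live; that is the state a helper wants to see before the quarantine folder and old restore points are cleared.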

Re: Windows Antivirus Pro

Unread postby Shaba » August 23rd, 2009, 3:20 am

Do you recognize this?

C:\WINDOWS\system32\onhelp.htm

It is a desktop component and can be related to the current background picture.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland