Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by EmilyKitty » May 15th, 2008, 12:32 am

Logfile of HijackThis v1.99.1
Scan saved at 10:29, on 2008-05-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\KathiB\Local Settings\Temporary Internet Files\Content.IE5\T9LK7DAR\setup_sbd_en[2].exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [b41727bc] rundll32.exe "C:\WINDOWS\system32\ekbtomcb.dll",b
O4 - HKLM\..\Run: [BMb7241420] Rundll32.exe "C:\WINDOWS\system32\uslrgoiy.dll",s
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/SCANUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152467229
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152455772
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DE0300} (OTAutoInstall Class) - http://88.208.236.38/web/clientdownloads/OTAI.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
EmilyKitty
Active Member
 
Posts: 10
Joined: May 15th, 2008, 12:12 am

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by dan12 » May 15th, 2008, 4:17 am

Welcome to the MalwareRemoval forums.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless we are informed in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by dan12 » May 15th, 2008, 4:25 am

Your version of HJT is out of date

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.

* Double-click HJTInstall.exe to install it.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Copy/Paste the log to your next reply please.

Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Please post a new HJT log.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by dan12 » May 16th, 2008, 5:56 am

you still needing help?
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by EmilyKitty » May 16th, 2008, 7:38 pm

Here is the new log you wanted.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:29 PM, on 5/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\KathiB\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {0BF5EC60-D7F8-4019-B169-9952406BC1A1} - C:\WINDOWS\system32\wvuspmnk.dll (file missing)
O2 - BHO: (no name) - {22463993-1DF3-4F29-965D-07E60430B566} - C:\WINDOWS\system32\awtstrss.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A08987FF-B115-4A10-9DC6-4F1A1DDD1E26} - C:\WINDOWS\system32\efcaywxw.dll (file missing)
O2 - BHO: (no name) - {DACF43B3-724D-4637-8F18-5463D3561813} - C:\WINDOWS\system32\hggggefc.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\KathiB\Local Settings\Temporary Internet Files\Content.IE5\T9LK7DAR\setup_sbd_en[2].exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/SCANUPREBOOT /temp /patched"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152467229
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152455772
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DE0300} (OTAutoInstall Class) - http://88.208.236.38/web/clientdownloads/OTAI.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 5849 bytes
EmilyKitty
Active Member
 
Posts: 10
Joined: May 15th, 2008, 12:12 am
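
The two HijackThis logs posted so far can be compared section by section to see what changed between scans. The following is an added example, not part of the original thread; the function names `parse_hjt` and `diff_scans` are this example's own, and the sample inputs are short excerpts of the two logs above.

```python
import re

# Section entries look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
VERSION_RE = re.compile(r"^Logfile of (?:Trend Micro )?HijackThis v(\S+)")

# Excerpt of the first log in this thread (HijackThis v1.99.1).
OLD_SCAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:29, on 2008-05-14
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [b41727bc] rundll32.exe "C:\WINDOWS\system32\ekbtomcb.dll",b
O4 - HKLM\..\Run: [BMb7241420] Rundll32.exe "C:\WINDOWS\system32\uslrgoiy.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the second log in this thread (HijackThis v2.0.2).
NEW_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:29 PM, on 5/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\KathiB\Desktop\HiJackThis.exe

O2 - BHO: (no name) - {0BF5EC60-D7F8-4019-B169-9952406BC1A1} - C:\WINDOWS\system32\wvuspmnk.dll (file missing)
O2 - BHO: (no name) - {22463993-1DF3-4F29-965D-07E60430B566} - C:\WINDOWS\system32\awtstrss.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
"""


def parse_hjt(text):
    """Split a HijackThis log into version, running processes and section entries."""
    version, processes, entries = None, [], set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        ver = VERSION_RE.match(line)
        entry = ENTRY_RE.match(line)
        if ver:
            version = ver.group(1)
        elif line.lower() == "running processes:":
            in_processes = True
        elif entry:
            in_processes = False
            entries.add((entry.group(1), entry.group(2)))
        elif in_processes:
            processes.append(line)
        # Other header lines (scan time, platform, boot mode) are not compared.
    return {"version": version, "processes": processes, "entries": entries}


def diff_scans(old_text, new_text):
    """Report entries and processes present in only one of two scans."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    added, removed = {}, {}
    for code, body in sorted(new["entries"] - old["entries"]):
        added.setdefault(code, []).append(body)
    for code, body in sorted(old["entries"] - new["entries"]):
        removed.setdefault(code, []).append(body)
    # Windows paths are case-insensitive: Explorer.EXE and explorer.exe are one file.
    old_p = {p.lower(): p for p in old["processes"]}
    new_p = {p.lower(): p for p in new["processes"]}
    return {
        # Different tool versions can report differently, so a change may come
        # from the scanner as well as from the system.
        "versions": (old["version"], new["version"]),
        "added": added,
        "removed": removed,
        "procs_started": sorted(new_p[k] for k in new_p.keys() - old_p.keys()),
        "procs_gone": sorted(old_p[k] for k in old_p.keys() - new_p.keys()),
    }


if __name__ == "__main__":
    report = diff_scans(OLD_SCAN, NEW_SCAN)
    print("HijackThis versions:", report["versions"])
    for label in ("added", "removed"):
        for code, bodies in report[label].items():
            for body in bodies:
                print(f"{label:8} {code} - {body}")
    for path in report["procs_gone"]:
        print("no longer running:", path)
    for path in report["procs_started"]:
        print("newly running:   ", path)
```
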

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by dan12 » May 17th, 2008, 1:12 am

HijackThis.exe needs a permanent folder of its own in order to create backups.
Create a folder on the desktop: right click on the desktop, select new folder, and name it HJT. Now locate C:\Documents and Settings\KathiB\Desktop\HiJackThis.exe,
copy and paste it into the new folder ( HJT ) you created on the desktop.
Do this before we continue.

____________


We need to disable Windows Defender.
A good program, but it may interfere with our fixes.

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender


Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

________________


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log and uninstall list


Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by EmilyKitty » May 17th, 2008, 3:04 pm

ComboFix 08-05-12.1 - KathiB 2008-05-16 17:58:11.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.232 [GMT -6:00]
Running from: C:\Documents and Settings\KathiB\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 17:50 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\SYSTEM32\D3DX9_37.dll
2008-05-16 17:50 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\SYSTEM32\d3dx9_36.dll
2008-05-16 17:50 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_37.dll
2008-05-16 17:50 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_36.dll
2008-05-16 17:50 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\SYSTEM32\XAudio2_0.dll
2008-05-16 17:50 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\SYSTEM32\d3dx10_37.dll
2008-05-16 17:50 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\SYSTEM32\d3dx10_36.dll
2008-05-16 17:50 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\SYSTEM32\xactengine2_10.dll
2008-05-16 17:50 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\SYSTEM32\xactengine3_0.dll
2008-05-16 17:50 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\SYSTEM32\X3DAudio1_3.dll
2008-05-16 17:45 . 2008-05-16 17:49 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-16 00:19 . 2008-05-16 00:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-16 00:15 . 2008-05-16 00:36 <DIR> d-------- C:\SDFix
2008-05-14 21:51 . 2008-05-14 21:51 2,112 --a------ C:\WINDOWS\SYSTEM32\bojrorqd.exe
2008-05-14 10:56 . 2008-05-14 10:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-14 10:56 . 2008-05-14 10:56 <DIR> d-------- C:\Documents and Settings\KathiB\Application Data\Malwarebytes
2008-05-14 10:56 . 2008-05-14 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-14 10:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-14 10:56 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-05-14 10:32 . 2008-05-14 10:32 2,112 --a------ C:\WINDOWS\SYSTEM32\aaysdvpr.exe
2008-05-14 10:15 . 2008-05-14 10:15 2,112 --a------ C:\WINDOWS\SYSTEM32\ogwhmwlb.exe
2008-05-12 21:28 . 2008-05-12 21:28 2,112 --a------ C:\WINDOWS\SYSTEM32\jlgvtxnk.exe
2008-05-12 12:52 . 2008-05-12 12:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-12 12:52 . 2008-05-12 12:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-12 12:47 . 2008-05-12 12:47 2,112 --a------ C:\WINDOWS\SYSTEM32\vbmdsrtd.exe
2008-05-10 17:47 . 2008-05-10 17:47 2,112 --a------ C:\WINDOWS\SYSTEM32\fxydiket.exe
2008-05-09 23:22 . 2008-05-16 08:48 <DIR> d-------- C:\Program Files\Full Tilt Poker.Net
2008-05-07 05:03 . 2008-05-07 05:03 <DIR> d-------- C:\Documents and Settings\KathiB\Application Data\Talkback
2008-05-07 04:29 . 2008-05-07 04:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-07 03:53 . 2008-05-07 03:53 2,112 --a------ C:\WINDOWS\SYSTEM32\atjsiktu.exe
2008-05-07 02:36 . 2008-05-12 21:07 867 --a------ C:\WINDOWS\wininit.ini
2008-05-07 01:50 . 2008-05-07 01:51 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-07 01:46 . 2008-05-12 22:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-07 01:46 . 2008-05-12 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-07 00:39 . 2008-05-07 00:39 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-07 00:36 . 2008-05-07 00:36 <DIR> d-------- C:\11c445790922ff44fe83
2008-05-07 00:30 . 2008-05-07 00:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-05-07 00:30 . 2008-05-07 00:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-05-07 00:04 . 2008-05-07 00:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\URTTemp
2008-05-07 00:02 . 2008-05-07 00:02 2,010 --a------ C:\Documents and Settings\KathiB\Application Data\update.log
2008-05-06 23:42 . 2008-05-06 23:42 2,112 --a------ C:\WINDOWS\SYSTEM32\kecjadop.exe
2008-05-06 23:36 . 2008-04-13 18:12 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2008-05-06 23:09 . 2008-05-06 23:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-05-06 23:09 . 2008-05-06 23:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-05-06 23:09 . 2008-05-06 23:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-06 22:38 . 2008-04-13 18:12 1,306,624 --a------ C:\WINDOWS\SYSTEM32\msxml6.dll
2008-05-06 22:37 . 2006-10-18 21:47 991,744 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\drmv2clt.dll
2008-05-06 22:36 . 2006-10-18 21:47 542,720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\blackbox.dll
2008-05-06 21:10 . 2008-05-06 21:10 <DIR> d-------- C:\Program Files\Universal
2008-04-26 19:38 . 2008-04-26 19:42 733,018 --a------ C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 05:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 09:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-06 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-15 21:12 --------- d-----w C:\Documents and Settings\KathiB\Application Data\Symantec
2008-04-15 13:19 --------- d-----w C:\Program Files\COMPAQ
2008-04-14 21:04 --------- d-----w C:\Program Files\Common Files\Java
2008-04-14 15:05 --------- d-----w C:\Program Files\Java
2008-04-14 11:42 985,088 ----a-w C:\WINDOWS\SYSTEM32\setupapi.dll
2008-04-14 11:42 11,264 ----a-w C:\WINDOWS\SYSTEM32\spnpinst.exe
2008-04-14 11:41 423,936 ----a-w C:\WINDOWS\SYSTEM32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\SYSTEM32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\SYSTEM32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\SYSTEM32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\SYSTEM32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\SYSTEM32\drmclien.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\SYSTEM32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\SYSTEM32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\SYSTEM32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\SYSTEM32\msdxmlc.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\SYSTEM32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\SYSTEM32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ----a-w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\SYSTEM32\watchdog.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 14,208 ----a-w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,672 ----a-w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-14_21.38.00.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-16 23:49:16 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-05-16 23:49:17 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-05-16 23:49:17 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-05-16 23:48:57 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:00 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:01 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:02 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:03 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:04 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:04 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:05 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:05 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:18 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 23:49:18 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-05-16 23:49:19 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-05-16 23:49:20 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-05-16 23:49:20 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-05-16 23:49:16 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-05-15 03:28:58 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-16 23:27:28 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-13 08:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-16 06:20:16 2,813,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-05-16 06:20:16 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-13 08:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-16 06:20:00 2,813,952 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-05-16 06:20:00 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-14 00:11:48 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2008-04-14 00:11:48 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2008-04-14 00:11:51 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-04-14 00:11:52 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-04-14 00:11:52 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-04-14 00:11:53 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2008-04-14 00:11:54 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2008-04-14 00:12:22 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2001-08-18 19:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2008-04-14 00:11:54 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2008-04-14 00:11:54 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2008-04-14 00:11:54 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2008-04-14 00:11:54 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2008-04-14 00:12:22 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2008-04-14 00:11:54 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-04-14 00:11:55 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2008-04-14 00:11:56 15,872 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2008-04-14 00:11:56 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2008-04-14 00:12:27 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-04-14 00:11:59 3,066,880 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-04-14 00:11:59 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2008-04-13 16:26:26 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2001-08-18 19:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2008-04-14 00:12:00 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-04-14 00:12:00 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2008-04-14 00:12:02 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-04-14 00:12:02 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-14 00:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-14 00:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 23:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 23:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2008-04-14 00:12:08 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-04-14 00:12:08 619,520 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2008-04-14 00:12:08 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2008-04-14 00:12:08 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-04-14 00:12:08 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-08-14 00:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-14 00:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000
+ 2007-08-14 00:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-14 00:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll.000
+ 2007-08-14 00:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-14 00:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll.000
+ 2007-08-14 00:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-14 00:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll.000
+ 2007-08-14 00:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-14 00:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-14 00:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe.000
+ 2007-08-14 00:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-14 00:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll.000
+ 2007-08-14 00:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-14 00:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll.000
+ 2007-08-13 23:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-08-13 23:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll.000
+ 2007-02-12 22:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 18:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-14 00:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-14 00:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll.000
+ 2007-08-14 00:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-14 00:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-14 00:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll.000
+ 2007-08-14 00:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-14 00:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-14 00:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-14 00:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe.000
+ 2007-08-14 00:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-14 00:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll.000
+ 2007-08-14 00:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-14 00:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-14 00:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-14 00:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000
+ 2007-08-14 00:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-14 00:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll.000
+ 2007-08-14 00:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-14 00:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll.000
+ 2007-08-14 00:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-14 00:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll.000
+ 2007-08-14 00:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-14 00:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll.000
+ 2007-08-14 00:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-08-14 00:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:31 22,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spcustom.dll
+ 2007-03-06 01:22:33 14,048 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst.exe
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-03-06 01:22:56 716,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\updspapi.dll
+ 2007-08-14 00:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-14 00:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000
+ 2007-08-14 00:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-14 00:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000
+ 2007-08-14 00:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-14 00:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000
+ 2007-08-14 00:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-08-14 00:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000
+ 2006-02-03 14:41:26 14,032 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_0.dll
+ 2006-09-28 22:03:28 15,128 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_1.dll
+ 2007-06-21 02:45:20 18,280 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_2.dll
+ 2005-03-18 22:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 22:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 22:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 18:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 22:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 22:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 22:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 22:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 22:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 21:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-06 01:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 23:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 21:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 23:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 20:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 23:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 13:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 17:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
- 2008-04-14 00:11:48 61,440 ----a-w C:\WINDOWS\SYSTEM32\admparse.dll
+ 2007-08-14 00:39:20 71,680 ----a-w C:\WINDOWS\SYSTEM32\admparse.dll
- 2008-04-14 00:11:48 99,840 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2007-03-12 22:42:30 1,123,696 ----a-w C:\WINDOWS\SYSTEM32\D3DCompiler_33.dll
+ 2007-05-16 22:45:16 1,124,720 ----a-w C:\WINDOWS\SYSTEM32\D3DCompiler_34.dll
+ 2007-07-20 00:14:42 1,358,192 ----a-w C:\WINDOWS\SYSTEM32\D3DCompiler_35.dll
+ 2007-03-15 22:57:58 443,752 ----a-w C:\WINDOWS\SYSTEM32\d3dx10_33.dll
+ 2007-05-16 22:45:16 443,752 ----a-w C:\WINDOWS\SYSTEM32\d3dx10_34.dll
+ 2007-07-20 00:14:42 444,776 ----a-w C:\WINDOWS\SYSTEM32\d3dx10_35.dll
+ 2005-02-06 01:45:26 2,222,800 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_24.dll
+ 2005-03-18 23:19:58 2,337,488 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_25.dll
+ 2005-05-26 21:34:52 2,297,552 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_26.dll
+ 2005-07-23 01:59:04 2,319,568 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_27.dll
+ 2005-12-06 00:09:18 2,323,664 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_28.dll
+ 2006-02-03 14:43:16 2,332,368 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_29.dll
+ 2006-03-31 18:40:58 2,388,176 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_30.dll
+ 2006-09-28 22:05:20 2,414,360 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_31.dll
+ 2006-11-29 19:06:18 3,426,072 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_32.dll
+ 2007-03-12 22:42:30 3,495,784 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_33.dll
+ 2007-05-16 22:45:16 3,497,832 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_34.dll
+ 2007-07-20 00:14:42 3,727,720 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_35.dll
+ 2007-08-14 00:39:20 71,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\admparse.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2006-09-23 19:12:50 1,022,976 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
+ 2007-08-14 00:42:54 17,408 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\corpol.dll
- 2008-04-14 00:11:51 33,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
+ 2007-08-14 00:54:10 33,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
+ 2008-03-01 13:06:21 347,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-08-14 00:18:02 60,416 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\hmmapi.dll
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-08-14 00:44:02 69,120 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
+ 2007-08-14 00:45:18 78,336 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieencode.dll
+ 2007-08-14 00:54:10 191,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-14 00:39:12 55,296 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iesetup.dll
+ 2008-02-29 08:55:46 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-08-14 00:36:06 36,352 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\imgutil.dll
+ 2007-08-14 00:39:02 92,672 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
+ 2007-08-14 00:38:04 491,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
+ 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2007-08-14 00:44:18 40,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2007-08-14 00:32:30 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshta.exe
+ 2008-03-02 00:36:30 3,591,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-03-01 13:06:28 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-08-14 00:01:12 48,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmler.dll
+ 2007-08-14 00:54:10 156,160 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msls31.dll
+ 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-03-01 13:06:29 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2006-09-23 19:12:50 1,497,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2006-09-23 19:12:50 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-03-01 13:06:30 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2007-08-14 00:54:10 413,696 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vbscript.dll
+ 2007-08-14 00:54:10 765,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\VGX.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-03-01 13:06:31 826,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2008-04-14 00:11:52 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-04-14 00:11:52 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2008-04-14 00:11:53 55,808 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2008-04-14 00:12:22 34,304 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2008-04-14 00:11:54 143,360 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2008-04-14 00:11:54 216,576 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2001-08-18 19:00:00 221,184 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dat
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2008-04-14 00:11:54 323,584 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2008-04-14 00:11:54 251,904 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
+ 2007-08-14 00:54:10 191,488 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
- 2008-04-14 00:11:54 48,640 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2008-04-14 00:11:54 62,976 ----a-w C:\WINDOWS\SYSTEM32\iesetup.dll
+ 2007-08-14 00:39:12 55,296 ----a-w C:\WINDOWS\SYSTEM32\iesetup.dll
+ 2007-08-14 00:54:10 180,736 ------w C:\WINDOWS\SYSTEM32\ieui.dll
- 2008-04-14 00:11:54 35,840 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
+ 2007-08-14 00:36:06 36,352 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
- 2008-04-14 00:11:55 96,256 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
+ 2007-08-14 00:39:02 92,672 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
- 2008-04-14 00:11:56 15,872 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2008-04-14 00:11:56 22,016 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
+ 2007-08-14 00:44:18 40,960 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
+ 2008-05-09 20:35:06 16,863,864 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2007-08-14 00:36:40 12,288 ------w C:\WINDOWS\SYSTEM32\msfeedssync.exe
- 2008-04-14 00:12:27 29,184 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
+ 2007-08-14 00:32:30 45,568 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
- 2008-04-14 00:11:59 3,066,880 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-03-02 00:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2008-04-14 00:11:59 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2008-04-13 16:26:26 56,832 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
+ 2007-08-14 00:01:12 48,128 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
- 2001-08-18 19:00:00 146,432 ----a-w C:\WINDOWS\SYSTEM32\msls31.dll
+ 2007-08-14 00:54:10 156,160 ----a-w C:\WINDOWS\SYSTEM32\msls31.dll
- 2008-04-14 00:12:00 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2008-04-14 00:12:00 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\SYSTEM32\mstime.dll
- 2008-04-14 00:12:02 96,256 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-04-14 00:12:02 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ------w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-10-27 22:39:36 13,536 ----a-w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2008-04-14 00:12:08 37,888 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2008-04-14 00:12:08 619,520 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2008-04-14 00:12:08 276,480 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2007-08-14 00:45:16 206,336 ------w C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
- 2008-04-14 00:12:08 666,112 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2006-02-03 14:41:26 14,032 ----a-w C:\WINDOWS\SYSTEM32\x3daudio1_0.dll
+ 2007-03-05 18:42:18 15,128 ----a-w C:\WINDOWS\SYSTEM32\x3daudio1_1.dll
+ 2007-10-22 09:37:16 17,928 ----a-w C:\WINDOWS\SYSTEM32\X3DAudio1_2.dll
+ 2006-02-03 14:42:06 230,096 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_0.dll
+ 2006-03-31 18:39:48 229,584 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_1.dll
+ 2006-05-31 13:24:16 230,168 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_2.dll
+ 2006-07-28 15:30:32 236,824 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_3.dll
+ 2006-09-28 22:05:56 237,848 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_4.dll
+ 2006-12-08 18:02:00 251,672 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_5.dll
+ 2007-01-24 21:27:30 255,848 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_6.dll
+ 2007-04-05 00:55:00 261,480 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_7.dll
+ 2007-06-21 02:46:04 266,088 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_8.dll
+ 2007-07-20 06:57:12 267,112 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_9.dll
+ 2006-03-31 18:39:24 62,672 ----a-w C:\WINDOWS\SYSTEM32\xinput1_1.dll
+ 2006-07-28 15:30:14 62,744 ----a-w C:\WINDOWS\SYSTEM32\xinput1_2.dll
+ 2007-04-05 00:53:42 81,768 ----a-w C:\WINDOWS\SYSTEM32\xinput1_3.dll
+ 2005-12-06 00:07:30 61,136 ----a-w C:\WINDOWS\SYSTEM32\xinput9_1_0.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BF5EC60-D7F8-4019-B169-9952406BC1A1}]
C:\WINDOWS\system32\wvuspmnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22463993-1DF3-4F29-965D-07E60430B566}]
C:\WINDOWS\system32\awtstrss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A08987FF-B115-4A10-9DC6-4F1A1DDD1E26}]
C:\WINDOWS\system32\efcaywxw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DACF43B3-724D-4637-8F18-5463D3561813}]
C:\WINDOWS\system32\hggggefc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="" []
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 13:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 13:00 28739]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2001-07-27 13:18 94208]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2001-07-27 13:17 282624]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 15:34 36864]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2000-01-10 05:17 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 13:00:00 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 23:30:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-02-11 00:00:23 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-02-11 00:00:24 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-02-11 00:00:24 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 18:01:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-16 18:04:21
ComboFix-quarantined-files.txt 2008-05-17 00:03:32
ComboFix2.txt 2008-05-16 04:44:48
ComboFix3.txt 2008-05-15 03:39:37

Pre-Run: 8,057,250,816 bytes free
Post-Run: 8,086,859,264 bytes free

533 --- E O F --- 2008-05-16 07:10:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:55 PM, on 5/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KathiB\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {0BF5EC60-D7F8-4019-B169-9952406BC1A1} - C:\WINDOWS\system32\wvuspmnk.dll (file missing)
O2 - BHO: (no name) - {22463993-1DF3-4F29-965D-07E60430B566} - C:\WINDOWS\system32\awtstrss.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A08987FF-B115-4A10-9DC6-4F1A1DDD1E26} - C:\WINDOWS\system32\efcaywxw.dll (file missing)
O2 - BHO: (no name) - {DACF43B3-724D-4637-8F18-5463D3561813} - C:\WINDOWS\system32\hggggefc.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/SCANUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152467229
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152455772
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DE0300} (OTAutoInstall Class) - http://88.208.236.38/web/clientdownloads/OTAI.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 5739 bytes

Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Compaq Advisor
Compaq Wallpaper
ExamView Pro
Full Tilt Poker.Net
Hijackthis 1.99.1
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
iTunes
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word Viewer 97
Microsoft Works 6.0
Mosby's Pharmacy Technician Principles & Practice
NetWaiting
QuickTime
RealPlayer Basic
S3 Graphics Utilities
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
SoundMAX2
Synaptics TouchPad
Twister and Utilities
Windows Defender
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
EmilyKitty
Active Member
 
Posts: 10
Joined: May 15th, 2008, 12:12 am

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by dan12 » May 17th, 2008, 3:11 pm

Hi, can you look where you found the cf report for the first scan you did, as that tells me a lot of information regarding the files that cf has dealt with? It seems you have run cf roughly 5 times already. Why was that, did you have a problem? Don't worry if you can't find it, but it would help.
Thanks
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by EmilyKitty » May 17th, 2008, 4:08 pm

I am sorry, I can't find it. I'm not sure it exists. I had to run combofix a few times because my computer was freezing at random while running, and the only way to fix the freeze was to unplug it. However, since I ran Malwarebytes' Anti-Malware and SDfix, my computer has not frozen up again.
EmilyKitty
Active Member
 
Posts: 10
Joined: May 15th, 2008, 12:12 am

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by dan12 » May 17th, 2008, 5:03 pm

Please try, whilst we're carrying out the fix, not to use tools I've not asked for; it will cause a lot of problems and myself having to spend a lot of time researching files that have been taken out by tools you have used. If you start using tools that do not have an infection that a particular tool targets, it can get you into a lot of trouble. The first run of combo would have helped; however, I will be back shortly with a script for you to run.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by dan12 » May 17th, 2008, 5:33 pm

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate Full Tilt Poker.Net and click on the Change/Remove button to uninstall it.
  3. Close Add/Remove Programs and Control Panel.

Here's a list of safe Poker sites:

http://www.pokerstars.net/ - This is a free to use/play site.
http://www.pokerstars.com/ - This is the paid for version.

Here's a list of bad Poker sites:

http://malwareremoval.com/forum/viewtop ... =4&t=23145

_________________


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\SYSTEM32\bojrorqd.exe
C:\WINDOWS\SYSTEM32\aaysdvpr.exe
C:\WINDOWS\SYSTEM32\ogwhmwlb.exe
C:\WINDOWS\SYSTEM32\jlgvtxnk.exe
C:\WINDOWS\SYSTEM32\vbmdsrtd.exe
C:\WINDOWS\SYSTEM32\fxydiket.exe
C:\WINDOWS\nsreg.dat
C:\WINDOWS\SYSTEM32\atjsiktu.exe
C:\WINDOWS\SYSTEM32\kecjadop.exe
C:\WINDOWS\system32\wvuspmnk.dll
C:\WINDOWS\system32\awtstrss.dll
C:\WINDOWS\system32\efcaywxw.dll
C:\WINDOWS\system32\hggggefc.dll

Folder::
C:\SDFix

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BF5EC60-D7F8-4019-B169-9952406BC1A1}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22463993-1DF3-4F29-965D-07E60430B566}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A08987FF-B115-4A10-9DC6-4F1A1DDD1E26}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DACF43B3-724D-4637-8F18-5463D3561813}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"=-

DirLook::
C:\11c445790922ff44fe83

    


Save this as CFScript.txt, in the same location as ComboFix.exe.


Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


________________

Now you can do me a malwarebytes full scan which you already have on board, update before scanning!

__________

Post the combofix scan
malwarebytes report
New HJT log
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

Post by EmilyKitty » May 17th, 2008, 6:38 pm

ComboFix 08-05-12.1 - KathiB 2008-05-16 20:54:25.6 - NTFSx86
Running from: C:\Documents and Settings\KathiB\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KathiB\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\nsreg.dat
C:\WINDOWS\SYSTEM32\aaysdvpr.exe
C:\WINDOWS\SYSTEM32\atjsiktu.exe
C:\WINDOWS\system32\awtstrss.dll
C:\WINDOWS\SYSTEM32\bojrorqd.exe
C:\WINDOWS\system32\efcaywxw.dll
C:\WINDOWS\SYSTEM32\fxydiket.exe
C:\WINDOWS\system32\hggggefc.dll
C:\WINDOWS\SYSTEM32\jlgvtxnk.exe
C:\WINDOWS\SYSTEM32\kecjadop.exe
C:\WINDOWS\SYSTEM32\ogwhmwlb.exe
C:\WINDOWS\SYSTEM32\vbmdsrtd.exe
C:\WINDOWS\system32\wvuspmnk.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\nsreg.dat
C:\WINDOWS\SYSTEM32\aaysdvpr.exe
C:\WINDOWS\SYSTEM32\atjsiktu.exe
C:\WINDOWS\SYSTEM32\bojrorqd.exe
C:\WINDOWS\SYSTEM32\fxydiket.exe
C:\WINDOWS\SYSTEM32\jlgvtxnk.exe
C:\WINDOWS\SYSTEM32\kecjadop.exe
C:\WINDOWS\SYSTEM32\ogwhmwlb.exe
C:\WINDOWS\SYSTEM32\vbmdsrtd.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-16 20:08 . 2008-05-16 20:08 75,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-05-16 20:08 . 2008-05-16 20:08 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-05-16 20:07 . 2008-05-16 20:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-05-16 20:07 . 2008-05-16 20:07 <DIR> d-------- C:\Program Files\AVG
2008-05-16 20:07 . 2008-05-16 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-16 20:07 . 2008-05-16 20:07 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-05-16 17:50 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\SYSTEM32\D3DX9_37.dll
2008-05-16 17:50 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\SYSTEM32\d3dx9_36.dll
2008-05-16 17:50 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_37.dll
2008-05-16 17:50 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_36.dll
2008-05-16 17:50 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\SYSTEM32\XAudio2_0.dll
2008-05-16 17:50 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\SYSTEM32\d3dx10_37.dll
2008-05-16 17:50 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\SYSTEM32\d3dx10_36.dll
2008-05-16 17:50 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\SYSTEM32\xactengine2_10.dll
2008-05-16 17:50 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\SYSTEM32\xactengine3_0.dll
2008-05-16 17:50 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\SYSTEM32\X3DAudio1_3.dll
2008-05-16 00:19 . 2008-05-16 00:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-14 10:56 . 2008-05-14 10:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-14 10:56 . 2008-05-14 10:56 <DIR> d-------- C:\Documents and Settings\KathiB\Application Data\Malwarebytes
2008-05-14 10:56 . 2008-05-14 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-14 10:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-14 10:56 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-05-12 12:52 . 2008-05-12 12:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-12 12:52 . 2008-05-12 12:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 23:22 . 2008-05-16 20:49 <DIR> d-------- C:\Program Files\Full Tilt Poker.Net
2008-05-07 05:03 . 2008-05-07 05:03 <DIR> d-------- C:\Documents and Settings\KathiB\Application Data\Talkback
2008-05-07 02:36 . 2008-05-12 21:07 867 --a------ C:\WINDOWS\wininit.ini
2008-05-07 01:50 . 2008-05-07 01:51 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-07 01:46 . 2008-05-12 22:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-07 01:46 . 2008-05-12 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-07 00:39 . 2008-05-07 00:39 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-07 00:36 . 2008-05-07 00:36 <DIR> d-------- C:\11c445790922ff44fe83
2008-05-07 00:30 . 2008-05-07 00:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-05-07 00:30 . 2008-05-07 00:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-05-07 00:04 . 2008-05-07 00:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\URTTemp
2008-05-07 00:02 . 2008-05-07 00:02 2,010 --a------ C:\Documents and Settings\KathiB\Application Data\update.log
2008-05-06 23:36 . 2008-04-13 18:12 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2008-05-06 23:09 . 2008-05-06 23:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-05-06 23:09 . 2008-05-06 23:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-05-06 23:09 . 2008-05-06 23:09 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-06 22:38 . 2008-04-13 18:12 1,306,624 --a------ C:\WINDOWS\SYSTEM32\msxml6.dll
2008-05-06 22:37 . 2006-10-18 21:47 991,744 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\drmv2clt.dll
2008-05-06 22:36 . 2006-10-18 21:47 542,720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\blackbox.dll
2008-05-06 21:10 . 2008-05-06 21:10 <DIR> d-------- C:\Program Files\Universal
2008-04-26 19:38 . 2008-04-26 19:42 733,018 --a------ C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 02:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 09:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-06 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-15 21:12 --------- d-----w C:\Documents and Settings\KathiB\Application Data\Symantec
2008-04-15 13:19 --------- d-----w C:\Program Files\COMPAQ
2008-04-14 21:04 --------- d-----w C:\Program Files\Common Files\Java
2008-04-14 15:05 --------- d-----w C:\Program Files\Java
2008-04-14 11:42 985,088 ----a-w C:\WINDOWS\SYSTEM32\setupapi.dll
2008-04-14 11:42 11,264 ----a-w C:\WINDOWS\SYSTEM32\spnpinst.exe
2008-04-14 11:41 423,936 ----a-w C:\WINDOWS\SYSTEM32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\SYSTEM32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\SYSTEM32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\SYSTEM32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\SYSTEM32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\SYSTEM32\drmclien.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\SYSTEM32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\SYSTEM32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\SYSTEM32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\SYSTEM32\msdxmlc.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\SYSTEM32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\SYSTEM32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ----a-w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\SYSTEM32\watchdog.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 14,208 ----a-w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,672 ----a-w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\11c445790922ff44fe83 ----

2008-05-07 00:36 788 --ah----- C:\11c445790922ff44fe83\$shtdwn$.req
2006-11-02 12:16 4971 --a------ C:\11c445790922ff44fe83\update\update.ver
2006-11-02 12:13 27554 --a------ C:\11c445790922ff44fe83\update\wmp11.cat
2006-11-02 12:12 54145 --a------ C:\11c445790922ff44fe83\update\update.inf
2006-11-02 12:12 11596 --a------ C:\11c445790922ff44fe83\update\wmp11.cdf
2006-11-01 18:31 315904 --a------ C:\11c445790922ff44fe83\unregmp2.exe
2006-11-01 18:31 1669120 --a------ C:\11c445790922ff44fe83\setup_wm.exe
2006-10-18 21:58 8704 --a------ C:\11c445790922ff44fe83\wmccfg.exe
2006-10-18 21:58 8704 --a------ C:\11c445790922ff44fe83\wmccds.exe
2006-10-18 21:47 99840 --a------ C:\11c445790922ff44fe83\wmpshell.dll
2006-10-18 21:47 96256 --a------ C:\11c445790922ff44fe83\wmpband.dll
2006-10-18 21:47 8231936 --a------ C:\11c445790922ff44fe83\wmploc.dll
2006-10-18 21:47 7168 --a------ C:\11c445790922ff44fe83\asferror.dll
2006-10-18 21:47 613376 --a------ C:\11c445790922ff44fe83\wmpmde.dll
2006-10-18 21:47 4096 --a------ C:\11c445790922ff44fe83\wmcsci.dll
2006-10-18 21:47 4096 --a------ C:\11c445790922ff44fe83\wmccpl.dll
2006-10-18 21:47 314880 --a------ C:\11c445790922ff44fe83\wmpdxm.dll
2006-10-18 21:47 295936 --a------ C:\11c445790922ff44fe83\wmpeffects.dll
2006-10-18 21:47 243712 --a------ C:\11c445790922ff44fe83\mpvis.dll
2006-10-18 21:47 242688 --a------ C:\11c445790922ff44fe83\wmpasf.dll
2006-10-18 21:47 227328 --a------ C:\11c445790922ff44fe83\wmerror.dll
2006-10-18 21:47 204288 --a------ C:\11c445790922ff44fe83\wmpsrcwp.dll
2006-10-18 21:47 198144 --a------ C:\11c445790922ff44fe83\wmpnssci.dll
2006-10-18 21:47 1661440 --a------ C:\11c445790922ff44fe83\wmpencen.dll
2006-10-18 21:47 130048 --a------ C:\11c445790922ff44fe83\wmpps.dll
2006-10-18 21:47 10834432 --a------ C:\11c445790922ff44fe83\wmp.dll
2006-10-18 21:46 64000 --a------ C:\11c445790922ff44fe83\wmplayer.exe
2006-10-18 20:05 913408 --a------ C:\11c445790922ff44fe83\wmpnetwk.exe
2006-10-18 20:05 25600 --a------ C:\11c445790922ff44fe83\wmpenc.exe
2006-10-18 20:05 241664 --a------ C:\11c445790922ff44fe83\wmlaunch.exe
2006-10-18 20:05 232448 --a------ C:\11c445790922ff44fe83\l3codecp.acm
2006-10-18 20:05 204288 --a------ C:\11c445790922ff44fe83\wmpnscfg.exe
2006-10-18 20:04 493568 --a------ C:\11c445790922ff44fe83\wmdbexport.exe
2006-10-18 20:04 36864 --a------ C:\11c445790922ff44fe83\wmpshare.exe
2006-10-06 20:00 5275 --a------ C:\11c445790922ff44fe83\eula.txt
2006-09-14 17:00 337725 --a------ C:\11c445790922ff44fe83\wmp11.chm
2006-08-25 17:09 2428 --a------ C:\11c445790922ff44fe83\wmp11.inf
2006-08-09 17:00 875250 --a------ C:\11c445790922ff44fe83\wmc_color48.bmp
2006-08-09 17:00 875250 --a------ C:\11c445790922ff44fe83\wmc_color32.bmp
2006-08-09 17:00 875250 --a------ C:\11c445790922ff44fe83\wmc_bw48.bmp
2006-08-09 17:00 875250 --a------ C:\11c445790922ff44fe83\wmc_bw32.bmp
2006-08-09 17:00 5498 --a------ C:\11c445790922ff44fe83\wmc_color48.png
2006-08-09 17:00 5498 --a------ C:\11c445790922ff44fe83\wmc_color120.png
2006-08-09 17:00 5498 --a------ C:\11c445790922ff44fe83\wmc_bw48.png
2006-08-09 17:00 5498 --a------ C:\11c445790922ff44fe83\wmc_bw120.png
2006-08-09 17:00 5339 --a------ C:\11c445790922ff44fe83\wmc_color48.jpg
2006-08-09 17:00 5339 --a------ C:\11c445790922ff44fe83\wmc_color32.jpg
2006-08-09 17:00 5339 --a------ C:\11c445790922ff44fe83\wmc_color120.jpg
2006-08-09 17:00 5339 --a------ C:\11c445790922ff44fe83\wmc_bw48.jpg
2006-08-09 17:00 5339 --a------ C:\11c445790922ff44fe83\wmc_bw32.jpg
2006-08-09 17:00 5339 --a------ C:\11c445790922ff44fe83\wmc_bw120.jpg
2006-08-09 17:00 148 --a------ C:\11c445790922ff44fe83\mediareceiverregistrar_stub.xml
2006-08-09 17:00 148 --a------ C:\11c445790922ff44fe83\contentdirectory_stub.xml
2006-08-09 17:00 148 --a------ C:\11c445790922ff44fe83\connectionmanager_stub.xml
2006-06-27 19:00 410928 --a------ C:\11c445790922ff44fe83\legitlibm.dll
2006-05-16 18:11 716000 --a------ C:\11c445790922ff44fe83\update\update.exe
2006-05-16 18:11 371424 --a------ C:\11c445790922ff44fe83\update\updspapi.dll
2006-05-16 18:11 22752 --a------ C:\11c445790922ff44fe83\spupdsvc.exe
2006-05-16 18:11 213216 --a------ C:\11c445790922ff44fe83\spuninst.exe
2006-04-25 10:18 9886 --a------ C:\11c445790922ff44fe83\wmpnss_bw120.png
2006-04-25 10:18 863 --a------ C:\11c445790922ff44fe83\wmpnss_color32.jpg
2006-04-25 10:18 7774 --a------ C:\11c445790922ff44fe83\wmpnss_color120.png
2006-04-25 10:18 715 --a------ C:\11c445790922ff44fe83\wmpnss_bw32.jpg
2006-04-25 10:18 7070 --a------ C:\11c445790922ff44fe83\contentdirectory.xml
2006-04-25 10:18 5422 --a------ C:\11c445790922ff44fe83\connectionmanager.xml
2006-04-25 10:18 4664 --a------ C:\11c445790922ff44fe83\wmpnss_color48.bmp
2006-04-25 10:18 4664 --a------ C:\11c445790922ff44fe83\wmpnss_bw48.bmp
2006-04-25 10:18 3829 --a------ C:\11c445790922ff44fe83\wmpnss_color120.jpg
2006-04-25 10:18 3383 --a------ C:\11c445790922ff44fe83\wmpnss_bw120.jpg
2006-04-25 10:18 2574 --a------ C:\11c445790922ff44fe83\mediareceiverregistrar.xml
2006-04-25 10:18 2321 --a------ C:\11c445790922ff44fe83\wmpnss_color48.png
2006-04-25 10:18 2141 --a------ C:\11c445790922ff44fe83\wmpnss_bw48.png
2006-04-25 10:18 2104 --a------ C:\11c445790922ff44fe83\wmpnss_color32.bmp
2006-04-25 10:18 2104 --a------ C:\11c445790922ff44fe83\wmpnss_bw32.bmp
2006-04-25 10:18 1300 --a------ C:\11c445790922ff44fe83\wmpnss_color48.jpg
2006-04-25 10:18 1008 --a------ C:\11c445790922ff44fe83\wmpnss_bw48.jpg
2006-04-25 10:10 69612 --a------ C:\11c445790922ff44fe83\wmplayer.adm


((((((((((((((((((((((((((((( snapshot_2008-05-16_18.03.14.61 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-13 03:47:21 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-05-17 01:59:38 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-05-13 03:47:50 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-05-17 01:59:59 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-05-13 03:47:52 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-05-17 02:00:01 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-05-13 03:47:55 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-05-17 02:00:03 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-05-13 03:47:40 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-05-17 01:59:54 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-05-13 03:47:05 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-05-17 01:59:17 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-05-13 03:47:05 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-05-17 01:59:17 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-05-13 03:48:10 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-05-17 02:00:19 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-05-13 03:47:29 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-17 01:59:48 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-05-13 03:47:17 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-05-17 01:59:35 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-05-13 03:47:03 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-05-17 01:59:16 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-05-13 03:47:08 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-05-17 01:59:21 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-05-13 03:47:45 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-05-17 01:59:57 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-05-13 03:47:47 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-05-17 01:59:58 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-05-13 03:47:48 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-05-17 01:59:58 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-05-13 03:47:12 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-05-17 01:59:23 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 13:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 13:00 28739]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2001-07-27 13:18 94208]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2001-07-27 13:17 282624]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 15:34 36864]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2000-01-10 05:17 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 20:07 1177368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 13:00:00 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 20:07]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-16 20:07]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 20:07]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-16 20:08]

*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGTDIX
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 01:53:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-02-11 00:00:23 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-02-11 00:00:24 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-02-11 00:00:24 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 20:58:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-16 21:01:14
ComboFix-quarantined-files.txt 2008-05-17 03:00:33
ComboFix2.txt 2008-05-17 00:04:22
ComboFix3.txt 2008-05-16 04:44:48
ComboFix4.txt 2008-05-15 03:39:37

Pre-Run: 8,643,377,152 bytes free
Post-Run: 8,758,900,224 bytes free

539 --- E O F --- 2008-05-17 02:04:37

Malwarebytes' Anti-Malware 1.12
Database version: 751

Scan type: Full Scan (C:\|)
Objects scanned: 75715
Time elapsed: 43 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:59 PM, on 5/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\KathiB\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/SCANUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152467229
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152455772
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DE0300} (OTAutoInstall Class) - http://88.208.236.38/web/clientdownloads/OTAI.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 5960 bytes
EmilyKitty
Active Member
 
Posts: 10
Joined: May 15th, 2008, 12:12 am

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

by dan12 » May 17th, 2008, 7:47 pm

You can remove this older version of "Hijackthis 1.99.1" via Add and Remove Programs.
Who is your ISP?

You now appear to be running two a\v's on the same system. Two a\v's on the same system will not play well together; they will fight for resources, and you will get slowdowns and conflicts.
Please choose one and remove the other. If you choose Norton to remove, I will give you a removal tool to assist, as Norton always leaves things behind.
Let me know what you decide.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit



Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 6.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate Java(TM) 6 Update 5 and click on Change/Remove to uninstall it.
  2. Repeat for these old versions of JRE:
      Java(TM) 6 Update 4
  3. Click here to visit Java's website.
  4. Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
  5. Select Windows from the drop-down list for Platform.
  6. Select Multi-language from the drop-down list for Language.
  7. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  8. Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
  9. Run this installation to update your Java.


1 - Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)

  • Copy and paste the report in your next post.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Please include in your next post:
  • Kaspersky scan report
  • New HijackThis log

Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
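
The checks made by eye in the reply above (an orphaned "(no file)" entry, and components of two antivirus products present at once) can be run mechanically over a HijackThis log. This is an added example, not part of the thread or of HijackThis itself: the function names and the vendor path markers are assumptions chosen for illustration, and the sample lines are excerpted from the logs posted in this thread.

```python
import re

# Lines excerpted from the HijackThis v2.0.2 logs posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

# A log entry is a section code (R0, O4, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption for illustration: lowercase path fragments that identify each vendor.
AV_MARKERS = {
    "AVG": ("\\avg\\",),
    "Symantec/Norton": ("symant", "norton"),
}


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def av_products(processes, entries):
    """Map each antivirus vendor to the processes, autoruns and services that reference it."""
    found = {}
    candidates = processes + [body for code, body in entries if code in ("O4", "O23")]
    for item in candidates:
        lowered = item.lower()
        for product, markers in AV_MARKERS.items():
            if any(marker in lowered for marker in markers):
                found.setdefault(product, []).append(item)
    return found


def review(text):
    """Return the findings a helper would look for first when triaging the log."""
    processes, entries = parse_hjt(text)
    return {
        # Registry entry whose target file no longer exists on disk.
        "orphaned": [(c, b) for c, b in entries if b.endswith("(no file)")],
        # Services whose binary carries no company name in its version info.
        "unknown_owner": [b for c, b in entries if c == "O23" and " - Unknown owner - " in b],
        # More than one name here means two products competing for the same hooks.
        "av_products": sorted(av_products(processes, entries)),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, "->", value)
```
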

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

by EmilyKitty » May 18th, 2008, 12:42 am

I was able to remove the older version of "Hijackthis 1.99.1".

I thought I had already removed Norton. I would like it gone. I am currently using the AVG anti-virus.

My ISP is Cable One.

I was able to remove O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

I was not able to remove the Java(TM) 6 Update 5 and Java(TM) 6 Update 4. I got a pop-up that said fatal error "something."

I was able to download, install and run the newest version Java Runtime Environment (JRE) 6 Update 6.

I was not able to run Kaspersky Online Scan. I downloaded it, updated it, checked the settings, selected "my computer", began the scan, and then my computer froze. I attempted this many times. Still randomly freezing during the Kaspersky Online Scan. I did shut down Windows Defender and AVG while I did this.

Since I began making changes, my computer started doing its "freezing thing" again. It had stopped doing this, till I started the above actions in this forum. I'm not saying anything bad, I'm just asking if perhaps I did something wrong? Or is it normal for computers to get worse before they get better? I have no clue as to how this fancy computin machine works.

Below is the latest HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:05 AM, on 5/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KathiB\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\KathiB\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/SCANUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152467229
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1152455772
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DE0300} (OTAutoInstall Class) - http://88.208.236.38/web/clientdownloads/OTAI.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6192 bytes
Last edited by EmilyKitty on May 19th, 2008, 5:15 pm, edited 1 time in total.
EmilyKitty
Active Member
 
Posts: 10
Joined: May 15th, 2008, 12:12 am

Re: Hijackthis Log, malware?/ pop-up ads / freezing / slow

by dan12 » May 18th, 2008, 1:53 am

As I outlined to you, the two a\v's are not helping matters with freezing.

Open up HJT, click on Open Misc Tools section, then click Open Uninstall Manager. Highlight, one at a time, your older versions of Java as I outlined to you and click on Delete this entry; do this for the other version too.
If you still have problems let me know and I will try another way.

Remove Norton

Please click HERE and follow the instructions to download and run the Norton removal tool.

You need to run these scans with no other windows open, using Internet Explorer.
Try the Kaspersky online scan again; if no joy, try this other online scan.

Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Post a new HJT log and scan report.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire