Requested ComboFix & HJS
ComboFix 09-07-06.02 - KEVIN 07/06/2009 17:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.208 [GMT -7:00]
Running from: c:\documents and settings\KEVIN\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.
2009-07-05 15:17 . 2009-07-05 15:17 -------- d-----w- c:\program files\Shavlik Technologies
2009-07-05 14:52 . 2009-07-05 14:52 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Google
2009-07-05 04:58 . 2009-07-05 04:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-05 04:57 . 2009-07-05 04:57 -------- d-----w- c:\program files\WinPcap
2009-07-05 04:57 . 2009-07-05 04:57 -------- d-----w- c:\program files\Wireshark
2009-07-04 15:38 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 15:38 . 2009-07-04 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 15:38 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 14:12 . 2009-07-04 14:27 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-07-04 05:15 . 2009-07-04 05:15 37008 ----a-w- c:\documents and settings\Kal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 18:35 . 2009-07-01 18:35 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-29 09:15 . 2009-06-29 09:15 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Logitech-LS
2009-06-28 15:52 . 2009-06-28 15:52 -------- d-sh--w- c:\documents and settings\KEVIN\IECompatCache
2009-06-27 21:23 . 2009-06-28 15:36 -------- d-----w- c:\documents and settings\KEVIN\Tracing
2009-06-27 20:26 . 2009-06-27 20:26 -------- d-----w- c:\program files\Microsoft
2009-06-27 20:26 . 2009-06-27 20:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-27 20:25 . 2009-06-27 20:26 -------- d-----w- c:\program files\Windows Live
2009-06-27 20:19 . 2009-06-27 20:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-26 18:16 . 2009-06-26 18:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-26 16:30 . 2009-06-26 16:30 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-26 16:30 . 2009-06-26 16:32 -------- d-----w- c:\documents and settings\KEVIN\.housecall6.6
2009-06-26 04:03 . 2009-06-26 04:03 -------- d-----w- c:\program files\CCleaner
2009-06-26 04:01 . 2009-06-26 04:01 -------- d-----w- C:\rsit
2009-06-26 03:11 . 2009-06-26 03:11 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Apple Computer
2009-06-26 03:05 . 2009-06-26 03:11 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Apple Computer
2009-06-25 16:25 . 2009-06-25 16:25 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Yahoo!
2009-06-25 06:32 . 2009-06-25 06:32 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Malwarebytes
2009-06-25 06:31 . 2009-06-25 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 06:10 . 2009-06-27 17:14 -------- d-----w- c:\program files\WhatsRunning
2009-06-24 06:33 . 2009-07-06 15:51 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Paint.NET
2009-06-24 06:13 . 2009-06-24 06:13 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\KodakGallery
2009-06-24 03:48 . 2009-06-24 03:48 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Yahoo
2009-06-23 20:55 . 2009-06-23 20:56 -------- d-----w- c:\documents and settings\KEVIN\Application Data\FKMonitor
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\FKMonitor
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\DivX
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\Apple Computer
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\alot
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\AdobeUM
2009-06-23 17:51 . 2009-07-04 05:16 -------- d-----w- c:\documents and settings\Kal\Local Settings\Application Data\Paint.NET
2009-06-23 09:55 . 2009-06-23 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-06-23 08:22 . 2009-06-23 17:50 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Adobe
2009-06-23 05:32 . 2009-06-23 05:32 262144 ----a-w- C:\ntuser.dat
2009-06-23 04:52 . 2009-06-23 04:52 -------- d-sh--w- c:\documents and settings\KEVIN\PrivacIE
2009-06-23 03:39 . 2009-06-23 03:39 -------- d-----w- c:\documents and settings\Kerry\Local Settings\Application Data\Mozilla
2009-06-23 01:25 . 2009-06-23 19:00 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Error Fix
2009-06-23 01:24 . 2009-06-23 19:48 -------- d-----w- c:\program files\Error Fix
2009-06-23 01:22 . 2009-06-23 01:22 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Motive
2009-06-22 06:32 . 2009-06-22 06:32 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Mozilla
2009-06-22 06:14 . 2009-06-25 06:51 -------- d-----w- c:\documents and settings\KEVIN\Application Data\IObit
2009-06-22 04:53 . 2009-06-22 04:53 390664 ----a-w- c:\documents and settings\Kal\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-22 00:07 . 2009-06-22 00:07 190 ----a-w- c:\documents and settings\Kal\Application Data\FKMonitor\delself.bat
2009-06-21 19:59 . 2009-06-21 19:59 -------- d-----w- c:\program files\FKMonitor
2009-06-21 07:17 . 2009-06-21 07:18 -------- d-----w- c:\program files\work area
2009-06-18 12:38 . 2009-06-18 12:38 -------- d-----w- C:\xpspchk
2009-06-17 18:23 . 2009-06-17 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-06-16 22:52 . 2009-06-16 22:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-16 20:02 . 2009-06-17 18:23 -------- d-----w- c:\program files\IObit
2009-06-16 18:44 . 2009-06-16 18:44 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-06-16 17:05 . 2009-06-16 18:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-06-16 13:48 . 2009-06-16 13:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-16 13:39 . 2009-06-16 13:39 -------- d-----w- c:\program files\The M&K Network
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\system32\scripting
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\l2schemas
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\system32\en
2009-06-16 04:12 . 2009-06-16 04:12 -------- d-----w- c:\program files\ACW
2009-06-16 02:22 . 2009-06-16 02:22 -------- d-----w- c:\program files\Alwil Software
2009-06-16 02:17 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-16 02:17 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-16 02:16 . 2009-06-16 02:17 -------- d-----w- c:\windows\ie8updates
2009-06-16 02:15 . 2009-06-16 02:15 -------- d-----w- c:\program files\Trend Micro
2009-06-16 02:14 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-16 02:09 . 2009-06-16 02:13 -------- dc-h--w- c:\windows\ie8
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
2009-06-11 07:40 . 2009-06-11 07:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-11 07:38 . 2009-06-11 07:38 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-11 07:37 . 2009-06-11 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-11 07:37 . 2009-06-11 13:30 -------- d-----w- c:\program files\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 23:59 . 2006-04-19 04:06 -------- d-----w- c:\program files\Lx_cats
2009-07-04 15:45 . 2006-04-16 13:27 37008 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 12:54 . 2006-05-02 17:59 -------- d-----w- c:\program files\Yahoo! Games
2009-06-29 00:50 . 2006-05-13 17:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-29 00:50 . 2006-05-13 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-29 00:49 . 2008-12-07 23:52 -------- d-----w- c:\program files\Coupons
2009-06-27 20:45 . 2009-06-21 19:33 37008 ----a-w- c:\documents and settings\KEVIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 20:27 . 2006-04-22 00:17 -------- d-----w- c:\program files\MSN Messenger
2009-06-27 03:34 . 2006-12-01 03:27 -------- d-----w- c:\program files\SpywareGuard
2009-06-27 03:34 . 2006-12-01 03:19 -------- d-----w- c:\program files\SpywareBlaster
2009-06-24 17:18 . 2003-10-14 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-24 17:17 . 2006-04-29 00:58 -------- d-----w- c:\program files\Symantec
2009-06-24 06:35 . 2006-05-02 01:02 -------- d-----w- c:\program files\Paint.NET
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\interMute
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\InstallShield
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\gtk-2.0
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\IObit
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Motive
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\PVST Manager
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\NCH Software
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\SampleView
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Sonic
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Wireshark
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Symantec
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Yahoo!
2009-06-23 17:50 . 2006-04-23 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-23 05:32 . 2006-04-16 03:12 -------- d-----w- c:\program files\Yahoo!
2009-06-23 05:32 . 2006-04-22 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-06-23 03:37 . 2009-06-23 03:37 36480 ----a-w- c:\documents and settings\Kerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 11:27 . 2006-04-19 04:05 -------- d-----w- c:\program files\Lexmark 4300 Series
2009-06-17 16:28 . 2003-10-11 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 16:25 . 2007-09-19 23:32 -------- d-----w- c:\program files\RealArcade
2009-06-17 16:21 . 2006-04-17 04:35 -------- d-----w- c:\program files\Google
2009-06-17 16:16 . 2009-02-08 08:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-17 16:14 . 2009-02-06 08:04 -------- d-----w- c:\program files\Common Files\Apple
2009-06-17 12:17 . 2003-10-11 06:45 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-16 13:25 . 2003-10-11 10:15 80795 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-16 13:21 . 2009-06-16 13:21 4096 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\winverifytrustwrapper.dll
2009-06-16 13:21 . 2009-06-16 13:21 159744 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHButton.exe
2009-06-16 13:21 . 2009-06-16 13:21 344064 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\api.dll
2009-06-16 13:21 . 2009-06-16 13:21 77824 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\FDIWrapper.dll
2009-06-16 13:21 . 2009-06-16 13:21 213089 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\motive.zip
2009-06-16 13:21 . 2009-06-16 13:21 315392 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchmsxml.dll
2009-06-16 13:21 . 2009-06-16 13:21 212992 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2009-06-16 13:21 . 2009-06-16 13:21 49152 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHI18N.dll
2009-06-16 13:21 . 2009-06-16 13:21 155877 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\js.zip
2009-06-16 13:21 . 2009-06-16 13:21 114688 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\asst_ui.dll
2009-06-16 04:31 . 2006-12-16 02:32 -------- d-----w- c:\program files\SmartSMS
2009-06-16 04:25 . 2006-11-09 01:41 -------- d-----w- c:\program files\MumboJumbo
2009-06-16 04:24 . 2007-11-11 14:59 -------- d-----w- c:\program files\Jackpot Kings Casino
2009-06-16 04:22 . 2003-10-11 12:11 -------- d-----w- c:\program files\InterVideo
2009-06-16 04:19 . 2006-04-20 20:20 -------- d-----w- c:\program files\eGames
2009-06-16 04:18 . 2006-11-11 22:56 -------- d-----w- c:\program files\DivX
2009-06-16 04:15 . 2006-05-21 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-16 04:14 . 2007-12-11 20:55 -------- d-----w- c:\program files\Click'N Design 3D (V5)
2009-06-16 04:10 . 2006-11-10 00:36 -------- d-----w- c:\program files\PopCap Games
2009-06-16 04:04 . 2007-05-25 17:33 -------- d-----w- c:\program files\GameHouse
2009-06-16 03:59 . 2006-05-01 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-16 03:49 . 2006-07-26 07:40 -------- d-----w- c:\program files\303 Game Collection
2009-06-11 08:01 . 2003-10-11 12:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-31 19:05 . 2006-05-18 06:27 83 -c--a-w- c:\windows\popcinfo.dat
2009-05-13 05:15 . 2006-05-02 01:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2003-10-31 20:05 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 21:32 . 2006-05-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-17 12:26 . 2003-10-11 10:06 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 02:51 . 2009-04-17 02:51 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 14:51 . 2006-05-02 00:58 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 19:49 . 2009-04-14 19:49 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-04-14 17:34 . 2009-04-14 17:34 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2006-08-13 18:46 . 2006-08-13 18:46 2525 -c--a-w- c:\program files\altnet.def
2006-08-13 03:49 . 2006-08-13 03:49 53248 -c--a-w- c:\program files\KazaaBegone.exe
2006-08-13 03:32 . 2006-08-13 03:32 67733 -c--a-w- c:\program files\kazaa.def
2006-08-13 03:28 . 2006-08-13 03:28 6821 -c--a-w- c:\program files\bullguard.def
2006-08-13 02:23 . 2006-08-13 02:23 8300 -c--a-w- c:\program files\other.def
2006-08-12 22:29 . 2006-08-12 22:29 3077 -c--a-w- c:\program files\p2pnetworking.def
2006-08-12 22:23 . 2006-08-12 22:23 2016 -c--a-w- c:\program files\myway.def
2006-08-12 21:07 . 2006-08-12 21:07 572 -c--a-w- c:\program files\gator.def
2006-08-06 21:18 . 2006-08-06 21:18 726 -c--a-w- c:\program files\perfectnav.def
2006-08-06 20:41 . 2006-08-06 20:41 1032 -c--a-w- c:\program files\medialoads.def
2006-07-30 23:44 . 2006-07-30 23:44 1800 -c--a-w- c:\program files\webhancer.def
2006-07-30 23:43 . 2006-07-30 23:43 858 -c--a-w- c:\program files\savenow.def
2006-07-30 23:41 . 2006-07-30 23:41 1274 -c--a-w- c:\program files\onflow.def
2006-07-30 23:41 . 2006-07-30 23:41 1951 -c--a-w- c:\program files\newdotnet.def
2006-07-30 23:37 . 2006-07-30 23:37 1713 -c--a-w- c:\program files\delfin.def
2006-07-30 23:37 . 2006-07-30 23:37 1948 -c--a-w- c:\program files\cydoor.def
2006-07-30 23:37 . 2006-07-30 23:37 5227 -c--a-w- c:\program files\commonname.def
2006-07-30 23:36 . 2006-07-30 23:36 7120 -c--a-w- c:\program files\bde.def
2006-05-17 06:25 . 2006-05-17 06:25 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-05-29 17:28 . 2006-05-29 17:28 438594 --sh--w- c:\windows\system32\dgjlm.bak1
2006-05-31 14:51 . 2006-05-30 05:28 453092 --sh--w- c:\windows\system32\dgjlm.bak2
2006-05-31 01:58 . 2006-05-31 01:45 446398 --sh--w- c:\windows\system32\dgjlm.tmp
2006-06-15 10:19 . 2006-06-15 10:19 697013 --sh--w- c:\windows\system32\ihkmp.bak1
.
------- Sigcheck -------
[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2002-11-02 05:26 528896 68E1F4EF02DF52CA9C5E157045D23582 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2002-08-29 12:00 560128 DD9269230C21EE8FB7FD3FCCC3B1CFCB c:\windows\$NtUninstallQ328310$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[7] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2002-08-29 12:00 599040 F3587750A7481DCCBEA13D473A0700BE c:\windows\$NtUninstallKB912812-IE6SP1-20060322.182418$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:17 658944 6B2735ADFF5A5D3B9130CA4A794722F0 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 13:37 658944 8C393DF5234CBCBFF1EE31902D6B40AE c:\windows\ie7\wininet.dll
[7] 2006-11-08 04:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\ie8\wininet.dll
[7] 2009-03-08 11:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2GDR\wininet.dll
[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2QFE\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[-] 2007-02-20 09:48 658944 30D1C47E40EFBB792FF8D3C3B51CE507 c:\windows\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2GDR\wininet.dll
[-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2QFE\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\dllcache\wininet.dll
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2002-08-29 12:00 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2002-08-29 12:00 167552 3B350E5A2A5E951453F3993275A4523A c:\windows\$NtUninstallQ815485$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 22:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2002-08-29 19:00 1947904 0E8EFB15746878A9B256E75267337233 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2006-12-19 12:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-08 02:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 23:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2002-08-29 12:00 2042240 B9080D97DBD631AADF9128F7316958D2 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572_0$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe
[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2002-08-29 12:00 51200 9B4155BA58192D4073082B8FC5D42612 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R2 gupdate1c9becfe8eb9712;Google Update Service (gupdate1c9becfe8eb9712);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 133104]
R2 mrtRate;mrtRate; [x]
R3 CDAVFS;CDAVFS; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]
2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-CTFMON - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
FF - ProfilePath - c:\documents and settings\KEVIN\Application Data\Mozilla\Firefox\Profiles\3g0lnu2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-06 17:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\SpSubLSP.dll
- - - - - - - > 'explorer.exe'(936)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-07 18:18
ComboFix-quarantined-files.txt 2009-07-07 01:18
Pre-Run: 33,097,412,608 bytes free
Post-Run: 33,080,365,056 bytes free
551 --- E O F --- 2009-06-29 11:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:04 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Google Update Service (gupdate1c9becfe8eb9712) (gupdate1c9becfe8eb9712) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Lexmark International, Inc. - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - Lexmark International, Inc. - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--
End of file - 5917 bytes