Welcome to MalwareRemoval.com,
message from hijackthis

Unread postby magnolita » June 10th, 2008, 9:56 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:32, on 10.6.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\X-Lite\X-Lite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [2eb8fcbe] rundll32.exe "C:\WINDOWS\system32\fcmasajd.dll",b
O4 - HKLM\..\Run: [BM2d8bcf22] Rundll32.exe "C:\WINDOWS\system32\gqxyyaep.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\X-Lite\X-Lite.exe"
O4 - HKCU\..\Run: [one glue] C:\DOCUME~1\Computer\APPLIC~1\THISSI~1\Body browse dead.exe
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\registrycleaner2008.exe
O4 - HKCU\..\Run: [30481826248654050864596697376866] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm022YYBG
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0247923812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0247910187
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-L ... uncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_ ... 2RTEv4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{256BD4A1-26A7-4F05-90B6-E75E5A391F1A}: NameServer = 83.228.112.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9453 bytes
magnolita
Active Member
 
Posts: 11
Joined: June 10th, 2008, 9:52 am
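The O4 lines in the log above are the autostart entries; two of them (2eb8fcbe and BM2d8bcf22) are the ones the helper later scripts ComboFix to remove. As an added example that is not part of the original thread and not code from HijackThis, the following Python script applies three review heuristics to such lines: a value name made only of hex digits, rundll32 loading an eight-letter DLL out of system32 and calling an export, and a program started from a user profile's Application Data folder. The sample input is copied from the log above; the heuristics are assumptions about what usually merits a second look, and they flag entries for a reviewer rather than pronounce them malicious.

```python
"""Review heuristics for HijackThis O4 (autostart) entries.

Added example; not part of the original thread and not code from
HijackThis. The three heuristics are assumptions about what usually
deserves a second look in a log like the one above. They flag entries
for a human reviewer; they do not prove anything is malicious.
"""
import re

# Sample input: O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [2eb8fcbe] rundll32.exe "C:\WINDOWS\system32\fcmasajd.dll",b
O4 - HKLM\..\Run: [BM2d8bcf22] Rundll32.exe "C:\WINDOWS\system32\gqxyyaep.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [one glue] C:\DOCUME~1\Computer\APPLIC~1\THISSI~1\Body browse dead.exe
O4 - HKCU\..\Run: [30481826248654050864596697376866] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# Value name consisting only of hex digits (eight or more).
HEX_NAME = re.compile(r'[0-9a-fA-F]{8,}')
# rundll32 loading an eight-letter DLL from system32 and calling one of its exports.
RUNDLL_SYS32 = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]*\\system32\\[a-z]{8}\.dll)"?\s*,\s*\w+', re.I)
# Program started from a user profile's Application Data folder (long or 8.3 form).
PROFILE_APPDATA = re.compile(r'\\(?:Application Data|APPLIC~1)\\', re.I)

REASON_HEX = "hex-like value name"
REASON_RUNDLL = "rundll32 loading an eight-letter DLL from system32"
REASON_APPDATA = "autostart launched from a user profile's Application Data folder"


def parse_o4(line):
    """Return hive/key/name/cmd for a registry-based O4 line, else None."""
    m = O4_RUN.match(line.strip())
    return m.groupdict() if m else None


def assess(entry):
    """Return the list of review reasons that apply to one parsed entry."""
    reasons = []
    if HEX_NAME.fullmatch(entry["name"]):
        reasons.append(REASON_HEX)
    if RUNDLL_SYS32.search(entry["cmd"]):
        reasons.append(REASON_RUNDLL)
    if PROFILE_APPDATA.search(entry["cmd"]):
        reasons.append(REASON_APPDATA)
    return reasons


def triage_hjt(log_text):
    """Return the O4 entries that trip at least one heuristic, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # Global Startup lines and non-O4 lines are not parsed here
        reasons = assess(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for e in triage_hjt(SAMPLE_LOG):
        print(f'{e["hive"]}\\..\\{e["key"]}: [{e["name"]}] {e["cmd"]}')
        for r in e["reasons"]:
            print("    ->", r)
```

Run against the sample, the script flags 2eb8fcbe (two reasons), BM2d8bcf22, one glue and the 32-digit HKCU entry, and leaves the driver, messenger and CTFMON entries alone. Legitimate software does sometimes start from Application Data, so that third heuristic is the noisiest of the three and is meant as a prompt to look, not a verdict.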

Re: message from hijackthis

Unread postby mz30 » June 10th, 2008, 4:23 pm

Hi
I'm Mz30
I will be helping you with your malware issues.
I am currently reviewing your HJT log and will post back soon with instructions.
As I am still in training, everything that I post to you must be checked by an Admin or Moderator. Therefore there could be a delay between posts, but it shouldn't be too long.

  • The fixes I post are for fixing your issues only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean, as even if you appear clean the chances are you are not.
  • Please bookmark or favourite this page, in case you need it as a reference.
  • Please remember that all the staff here are volunteers and help in our free time, and you will sometimes have to wait for a reply.

    Important
  • Please do not attempt to remove anything or fix anything unless I ask. This includes running any sort of anti-virus/spyware programs, as they may make things harder to remove.
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: message from hijackthis

Unread postby magnolita » June 10th, 2008, 4:39 pm

thx for your support...
I've added anti-viruses like Ad-Aware with no results..
My question:
Do I need to format the PC or can I find any solution without formatting it???
thx lots
magnolita
Active Member
 
Posts: 11
Joined: June 10th, 2008, 9:52 am

Re: message from hijackthis

Unread postby mz30 » June 11th, 2008, 11:25 am

Hi magnolita,
I see no reason at the moment for me to advise a reformat; if that changes I will let you know. :)


RENAME HIJACKTHIS

There is some infection hiding in your log.

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to: C:\Program Files\HijackThis\HijackThis.exe

Right-click on HijackThis.exe & select Rename to scanner.exe.




Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: message from hijackthis

Unread postby magnolita » June 11th, 2008, 1:58 pm

ComboFix 08-06-10.5 - Computer 2008-06-11 19:47:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.462 [GMT 3:00]
Running from: C:\Documents and Settings\Computer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Computer\Desktop\WinXP_EN_PRO_BF.EXE
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Computer\Application Data\FunWebProducts
C:\WINDOWS\BM2d8bcf22.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\djasamcf.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ggfbqqkn.ini
C:\WINDOWS\system32\ipyqlpse.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\NVCccccf.ini
C:\WINDOWS\system32\NVCccccf.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\tgccgtlm.ini
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-11 19:58 . 2008-06-11 19:58 22 --a------ C:\WINDOWS\pskt.ini
2008-06-11 19:58 . 2008-06-11 19:58 0 --a------ C:\WINDOWS\BM2d8bcf22.xml
2008-06-11 12:36 . 2008-06-11 12:36 157,184 --a------ C:\WINDOWS\system32\bbwstkxo.dll
2008-06-11 11:31 . 2008-06-11 19:37 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-11 11:27 . 2008-06-11 19:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-11 11:27 . 2008-06-11 11:27 <DIR> d-------- C:\Program Files\AVG
2008-06-11 11:27 . 2008-06-11 11:35 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\AVGTOOLBAR
2008-06-11 11:27 . 2008-06-11 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-11 11:27 . 2008-06-11 11:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-11 11:27 . 2008-06-11 11:27 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-11 11:27 . 2008-06-11 11:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-10 21:02 . 2008-06-10 21:02 <DIR> d-------- C:\Program Files\Freecorder Toolbar
2008-06-10 21:02 . 2007-03-04 14:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-06-10 21:01 . 2008-06-10 20:59 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-06-10 21:01 . 2007-03-04 14:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-06-10 20:59 . 2008-06-11 16:51 <DIR> d-------- C:\Program Files\Replay Converter
2008-06-10 17:44 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-06-10 16:46 . 2008-06-10 16:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 16:31 . 2008-06-10 16:31 <DIR> d-------- C:\VundoFix Backups
2008-06-09 22:26 . 2008-06-09 22:26 <DIR> d-------- C:\Program Files\ImTOO
2008-06-09 22:17 . 2008-06-09 22:20 <DIR> d-------- C:\Program Files\MPEGTOAVI
2008-06-09 22:17 . 2008-06-09 22:19 1,791,918,580 --a------ C:\output.avi
2008-06-09 17:11 . 2008-06-09 17:34 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\LimeWire
2008-06-09 17:08 . 2008-06-09 17:08 <DIR> d-------- C:\Program Files\Sun
2008-06-09 17:07 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 17:06 . 2008-06-09 17:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-09 17:03 . 2008-06-09 17:12 <DIR> d-------- C:\Program Files\LimeWire
2008-06-09 17:02 . 2008-06-09 17:03 <DIR> d-------- C:\Program Files\Registry Easy
2008-06-09 16:08 . 2008-06-09 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 16:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-09 13:10 . 2008-06-09 13:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-09 13:10 . 2008-06-09 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 12:41 . 2008-06-09 12:41 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\Uniblue
2008-06-08 21:32 . 2008-06-08 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\winsyscfg
2008-06-08 14:55 . 2008-06-08 14:55 <DIR> d-------- C:\WINDOWS\Freecorder Toolbar
2008-06-08 14:55 . 2008-06-10 21:03 <DIR> d-------- C:\Program Files\Freecorder
2008-06-08 14:55 . 2008-06-08 14:55 <DIR> d-------- C:\Program Files\Conduit
2008-06-08 14:55 . 2008-06-10 21:02 2,725,048 --a------ C:\Program Files\FLV PlayerFCSetup.exe
2008-06-08 14:54 . 2008-06-08 14:54 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2008-06-08 14:54 . 2008-06-11 16:53 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-06-08 14:54 . 2008-06-10 21:00 7,710,016 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
2008-06-08 14:52 . 2008-06-08 14:52 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-06-08 14:52 . 2008-06-08 14:52 <DIR> d-------- C:\Program Files\FLV Player
2008-06-08 14:52 . 2008-06-10 20:59 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\GetRightToGo
2008-06-08 14:52 . 2008-06-10 20:59 411,248 --a------ C:\Program Files\FLV PlayerRCSetup.exe
2008-06-08 13:37 . 2008-06-11 16:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-08 13:37 . 2008-06-08 13:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-06 22:51 . 2008-06-06 23:08 <DIR> d-------- C:\VideoToDVD
2008-06-06 21:26 . 2008-06-06 21:28 <DIR> d-------- C:\OutputFolder
2008-06-03 20:35 . 2008-06-03 20:35 <DIR> d-------- C:\Program Files\MSBuild
2008-06-03 20:28 . 2008-06-03 20:28 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-03 20:28 . 2008-06-03 20:28 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-03 19:51 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-03 19:50 . 2008-06-03 19:57 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\Ulead Systems
2008-06-03 19:49 . 2008-06-03 19:49 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-06-03 19:48 . 2008-06-03 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-06-03 19:48 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-06-03 19:48 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-06-03 19:48 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-06-03 19:48 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-06-03 19:48 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-06-03 19:48 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-06-03 19:46 . 2008-06-03 19:46 <DIR> d-------- C:\Program Files\Windows Media Components
2008-06-03 19:45 . 2008-06-03 19:45 <DIR> d-------- C:\Program Files\Ulead Systems
2008-06-03 19:45 . 2008-06-03 19:46 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-03 19:45 . 2008-06-03 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-02 17:35 . 2008-06-02 17:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-30 21:03 . 2007-10-13 20:34 86,016 --a------ C:\WINDOWS\system32\pmservice.exe
2008-05-26 14:53 . 2008-06-08 13:26 <DIR> d-------- C:\Mp3 Output
2008-05-26 14:53 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-26 14:53 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-05-17 13:37 . 2008-06-10 17:34 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-05-17 13:37 . 2008-06-08 12:31 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\IDM
2008-05-17 13:37 . 2008-06-10 17:32 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\DMCache
2008-05-17 11:11 . 2008-06-10 17:38 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-16 22:22 . 2008-05-16 22:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-16 20:57 . 2008-05-16 21:00 510,189,896 --a------ C:\Adobe Photoshop CS3 ME.exe
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-15 17:48 . 2008-05-16 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-15 16:10 . 2008-05-15 16:10 <DIR> d-------- C:\Program Files\uTorrent
2008-05-15 16:10 . 2008-06-08 22:06 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 14:07 --------- d-----w C:\Program Files\Java
2008-06-09 13:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 10:32 --------- d-----w C:\Program Files\MSN Messenger
2008-06-09 10:21 --------- d-----w C:\Program Files\Adverts
2008-06-09 10:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-06 18:13 --------- d-----w C:\Documents and Settings\Computer\Application Data\Skype
2008-06-06 17:43 --------- d-----w C:\Documents and Settings\Computer\Application Data\skypePM
2008-06-03 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 14:35 --------- d-----w C:\Program Files\Common Files\Real
2008-06-02 14:34 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-02 14:34 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-17 08:14 --------- d-----w C:\Documents and Settings\Computer\Application Data\this size
2008-05-16 20:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-15 13:29 --------- d-----w C:\Program Files\ESET
2008-05-10 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-05-06 22:08 --------- d-----w C:\Program Files\QuickTime
2008-05-06 22:08 --------- d-----w C:\Program Files\Bonjour
2008-05-06 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-06 22:03 --------- d-----w C:\Program Files\Apple Software Update
2008-05-06 22:00 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-06 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-02-07 18:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-07 09:17 193,951 ----a-w C:\Program Files\A-Patch140rc1b9_WLM.zip
2008-02-06 15:01 958,352 ----a-w C:\Program Files\A-Patch130rc1b54_WLM.zip
2007-08-18 15:46 16,740,208 ----a-w C:\Program Files\Install_Messenger.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-04-16 11:06 1524760 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA86503-476F-476A-A55A-7225082DF3EB}]
C:\WINDOWS\system32\rqRJbAst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EF987AF-695C-46A7-A06C-88748676261F}]
C:\WINDOWS\system32\fccccCVN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 11:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2008-04-16 11:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-02-07 12:43 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-11 11:27 1177368]
"2eb8fcbe"="C:\WINDOWS\system32\esplqypi.dll" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 17:34 185896]
"BM2d8bcf22"="C:\WINDOWS\system32\bbwstkxo.dll" [2008-06-11 12:36 157184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8EA86503-476F-476A-A55A-7225082DF3EB}"= C:\WINDOWS\system32\rqRJbAst.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJbAst]
rqRJbAst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\X-Lite\\X-Lite.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18531:TCP"= 18531:TCP:BitComet 18531 TCP
"18531:UDP"= 18531:UDP:BitComet 18531 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-11 11:27]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-11 11:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-11 11:27]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-11 11:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 17:00:49 C:\WINDOWS\Tasks\8DE36F1390690E83.job"
- c:\docume~1\computer\applic~1\thissi~1\ReadmeBibEnc.exe
"2008-06-11 15:50:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 19:57:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\pskt.ini 22 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\bbwstkxo.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-11 20:07:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 17:06:10

Pre-Run: 8,517,181,440 bytes free
Post-Run: 14,734,286,848 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

magnolita
Active Member
 
Posts: 11
Joined: June 10th, 2008, 9:52 am
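In the Reg Loading Points section of the ComboFix log above, each autostart value is followed by the target file's date, time and size in square brackets, and each BHO CLSID key is followed by a dated line for its DLL. Several entries carry an empty bracket ("[ ]") or a bare path with no date or size at all (rqRJbAst.dll, fccccCVN.dll, esplqypi.dll), and those are the ones the helper's later script deletes. As an added example that is not part of the original thread and not code from ComboFix, the following Python parser reads that section and lists the entries without file information first. It assumes, as a heuristic rather than documented ComboFix behaviour, that a missing bracket means the file could not be read when the log was made. The sample is copied from the log above and shows both ways the heuristic can mislead: bbwstkxo.dll has full metadata yet was still scripted for removal, while RegistryBooster.exe lacks it and was left alone.

```python
"""Parser for the "Reg Loading Points" section of a ComboFix log.

Added example; not part of the original thread and not code from ComboFix.
ComboFix prints each autostart with the target file's date, time and size in
square brackets, or as a dated line under a CLSID key. This example assumes
(heuristic, not documented behaviour) that an empty bracket "[ ]" or a bare
path with no date/size means the file could not be read when the log was
made, and lists those entries first for review.
"""
import re

# Sample input copied from the "Reg Loading Points" section of the log above.
SAMPLE_REG_POINTS = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-04-16 11:06 1524760 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA86503-476F-476A-A55A-7225082DF3EB}]
C:\WINDOWS\system32\rqRJbAst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EF987AF-695C-46A7-A06C-88748676261F}]
C:\WINDOWS\system32\fccccCVN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-02-07 12:43 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-11 11:27 1177368]
"2eb8fcbe"="C:\WINDOWS\system32\esplqypi.dll" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 17:34 185896]
"BM2d8bcf22"="C:\WINDOWS\system32\bbwstkxo.dll" [2008-06-11 12:36 157184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8EA86503-476F-476A-A55A-7225082DF3EB}"= C:\WINDOWS\system32\rqRJbAst.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJbAst]
rqRJbAst.dll
"""

# [<registry key>]
KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "<value name>"=<optionally quoted path> [<date time size>]  (bracket may be empty or absent)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[^"\[]+?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
# <date> <time> <size> <attributes> <path>  (file information present)
DATED_FILE = re.compile(r'^(?P<meta>\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+) \S+ (?P<path>.+)$')


def parse_reg_loading_points(text):
    """Return one dict per entry: key, name (None for CLSID/notify lines), path, metadata."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue  # header lines before the first key (REGEDIT4, *Note*)
        m = VALUE_LINE.match(line)
        if m:
            meta = (m.group("meta") or "").strip() or None  # "[ ]" becomes None
            entries.append({"key": key, "name": m.group("name"),
                            "path": m.group("path").strip(), "metadata": meta})
            continue
        m = DATED_FILE.match(line)
        if m:
            entries.append({"key": key, "name": None, "path": m.group("path"),
                            "metadata": m.group("meta")})
        else:
            # Bare path with no date/size: ComboFix showed no file information.
            entries.append({"key": key, "name": None, "path": line, "metadata": None})
    return entries


def missing_file_info(entries):
    """Entries whose target file had no date/time/size in the log, in log order."""
    return [e for e in entries if e["metadata"] is None]


def leaf(path):
    """File name portion of a Windows path."""
    return path.rsplit("\\", 1)[-1]


if __name__ == "__main__":
    entries = parse_reg_loading_points(SAMPLE_REG_POINTS)
    print(f"{len(entries)} autostart entries parsed")
    for e in missing_file_info(entries):
        label = e["name"] or "(clsid/notify)"
        print(f'no file info: {label} -> {e["path"]}  under {e["key"]}')
```

On the sample this yields eleven entries, six of them without file information; the list is a starting point for review, to be read together with other signals such as the random-looking names flagged in the HijackThis log, not as a removal list on its own.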

Re: message from hijackthis

Unread postby magnolita » June 11th, 2008, 2:05 pm

Hi my friend, I couldn't write the log report from my PC; I've copied them and I am using another PC cuz Explorer is veeeeeeeeery slow and the PC also...
Every time I open my PC I get an error loading c:\windows\system32\esplqypi.dll: the specified module could not be found...
Should I uninstall ComboFix?? And what are the solutions for the PC to not be slow, to return to normal??
I am sure after 2 days I'll have psychological problems from my PC hahaha
thx lots for your support
magnolita
Active Member
 
Posts: 11
Joined: June 10th, 2008, 9:52 am

Re: message from hijackthis

Unread postby mz30 » June 12th, 2008, 9:49 am

COMBOFIX-Script


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=31479&p=308606#p308606
    
    
    Suspect::
    C:\Documents and Settings\All Users\Application Data\MumboJumbo
    C:\Documents and Settings\Computer\Application Data\this size
    
    
    File::
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\BM2d8bcf22.xml
    C:\WINDOWS\system32\bbwstkxo.dll
    C:\Documents and Settings\All Users\Application Data\ezsid.dat
    C:\WINDOWS\system32\rqRJbAst.dll
    C:\WINDOWS\system32\fccccCVN.dll
    C:\WINDOWS\system32\esplqypi.dll
    C:\WINDOWS\system32\bbwstkxo.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA86503-476F-476A-A55A-7225082DF3EB}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EF987AF-695C-46A7-A06C-88748676261F}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJbAst]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "2eb8fcbe"=-
    "BM2d8bcf22"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{8EA86503-476F-476A-A55A-7225082DF3EB}"=-
    
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Download and Run NoLop
Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2

  • First, close any other programs you have running, as this will require a reboot.
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    (your computer will now be scanned for infected files)
  • When scanning is finished, you will be prompted to reboot only if infected. Click OK.
  • Now click the "REBOOT" Button.
  • A message should pop up from NoLop. If not, double-click the program again and it will finish.
  • Please post the contents of C:\NoLop.log later.

Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to C:\WINDOWS\system32\ folder then rerun the program.



In your next reply I will need to see the ComboFix log, NoLop.log and a fresh HJT log; then we can continue to clean your system.
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool
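The CFScript above is a small declarative format: a `File::` block of paths ComboFix should remove, a `Suspect::` block of paths it should inspect, and a `Registry::` block in .reg syntax, where `[-KEY]` deletes a whole key and `"name"=-` under a plain `[KEY]` header deletes one value. The check a helper wants afterwards is whether the log actually reports each requested removal. The following is an added example, not part of mz30's post and not ComboFix's own code: a Python parser for that format plus a cross-check against the log excerpt magnolita posts in reply. The sample input is the script and log from this thread; the section-header and .reg-deletion semantics, and the reading of the log's `FILE ::` block as an echo of the request and `Other Deletions` as the removals performed, are inferred from the format as it appears here.

```python
"""Parse a ComboFix CFScript and cross-check it against the ComboFix log.
Added example for this thread, not ComboFix's own code; section and
.reg-style deletion semantics are inferred from the script as posted."""
import re

# Sample input, copied from the script mz30 posted in this thread.
CFSCRIPT = r"""
Suspect::
C:\Documents and Settings\All Users\Application Data\MumboJumbo
C:\Documents and Settings\Computer\Application Data\this size
File::
C:\WINDOWS\pskt.ini
C:\WINDOWS\BM2d8bcf22.xml
C:\WINDOWS\system32\bbwstkxo.dll
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\WINDOWS\system32\rqRJbAst.dll
C:\WINDOWS\system32\fccccCVN.dll
C:\WINDOWS\system32\esplqypi.dll
C:\WINDOWS\system32\bbwstkxo.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA86503-476F-476A-A55A-7225082DF3EB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EF987AF-695C-46A7-A06C-88748676261F}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJbAst]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2eb8fcbe"=-
"BM2d8bcf22"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8EA86503-476F-476A-A55A-7225082DF3EB}"=-
"""

# Excerpt of the log magnolita posted after running the script above.
COMBOFIX_LOG = r"""
FILE ::
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\WINDOWS\BM2d8bcf22.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbwstkxo.dll
C:\WINDOWS\system32\esplqypi.dll
C:\WINDOWS\system32\fccccCVN.dll
C:\WINDOWS\system32\rqRJbAst.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\WINDOWS\BM2d8bcf22.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbwstkxo.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^(\w+)::$")             # File:: / Suspect:: / Registry::
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")            # [KEY] or [-KEY]
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')       # "name"=-  (delete one value)
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")    # (((( Section title ))))

def parse_cfscript(text):
    """Return {'files': [...], 'suspect': [...], 'registry': [(op, key, value)]}."""
    out = {"files": [], "suspect": [], "registry": []}
    section, current_key, seen = None, None, set()
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if m := SECTION_RE.match(line):
            section, current_key = m.group(1).lower(), None
        elif section == "file":
            if line.lower() not in seen:          # bbwstkxo.dll is listed twice
                seen.add(line.lower())
                out["files"].append(line)
        elif section == "suspect":
            out["suspect"].append(line)
        elif section == "registry":
            if m := KEY_RE.match(line):
                if m.group(1):                    # [-KEY]: delete the whole key
                    out["registry"].append(("delete_key", m.group(2), None))
                    current_key = None
                else:                             # [KEY]: owner of the "name"=- lines below
                    current_key = m.group(2)
            elif (m := VALUE_DEL_RE.match(line)) and current_key:
                out["registry"].append(("delete_value", current_key, m.group(1)))
            else:
                raise ValueError(f"unrecognised Registry:: line: {line!r}")
    return out

def log_sections(text):
    """Split a ComboFix log into {title: [lines]} on its banners and 'FILE ::'."""
    sections, title = {}, "header"
    for line in (ln.strip() for ln in text.splitlines()):
        if m := BANNER_RE.match(line):
            title = m.group(1)
        elif line == "FILE ::":
            title = "FILE"
        elif line and line != ".":                # '.' is ComboFix's separator line
            sections.setdefault(title, []).append(line)
        sections.setdefault(title, [])
    return sections

def script_echoed_in_log(script, log):
    """True if the log's FILE :: block names exactly the files the script requested."""
    want = {p.lower() for p in parse_cfscript(script)["files"]}
    return want == {p.lower() for p in log_sections(log).get("FILE", [])}

def unconfirmed_deletions(script, log):
    """Requested files that the log does not list under 'Other Deletions'."""
    gone = {p.lower() for p in log_sections(log).get("Other Deletions", [])}
    return [p for p in parse_cfscript(script)["files"] if p.lower() not in gone]
```

Calling `unconfirmed_deletions(CFSCRIPT, COMBOFIX_LOG)` on the thread's own data returns the three `system32` DLLs (`rqRJbAst.dll`, `fccccCVN.dll`, `esplqypi.dll`) that the script asked for but the log does not report removing, while `script_echoed_in_log` confirms the `FILE ::` block matches the request. Absence from `Other Deletions` only means ComboFix did not report a removal; the file may have been gone before the run or may still be present, which is why the fresh HijackThis log requested above is the thing that settles it.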

Re: message from hijackthis

Unread postby magnolita » June 12th, 2008, 10:47 am

The ComboFix log:


ComboFix 08-06-10.5 - Computer 2008-06-12 17:17:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.356 [GMT 3:00]
Running from: C:\Documents and Settings\Computer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Computer\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\WINDOWS\BM2d8bcf22.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbwstkxo.dll
C:\WINDOWS\system32\esplqypi.dll
C:\WINDOWS\system32\fccccCVN.dll
C:\WINDOWS\system32\rqRJbAst.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\WINDOWS\BM2d8bcf22.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbwstkxo.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-12 16:40 . 2008-06-12 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-12 16:28 . 2008-06-12 16:28 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-12 15:31 . 2008-06-12 15:31 <DIR> d-------- C:\Program Files\Perfect Uninstaller
2008-06-12 15:31 . 2008-06-12 15:31 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-06-12 13:55 . 2002-08-29 09:10 229,479 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-06-11 21:03 . 2008-06-11 21:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-11 20:59 . 2008-06-11 20:59 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-11 20:58 . 2007-02-28 12:55 2,182,144 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-11 20:58 . 2007-02-28 12:53 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-06-11 20:58 . 2007-02-28 12:15 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-06-11 20:57 . 2008-06-12 14:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-11 20:50 . 2008-04-14 14:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:50 . 2008-04-14 14:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 20:27 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-11 20:27 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-11 20:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-11 11:31 . 2008-06-12 16:56 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-11 11:27 . 2008-06-12 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-11 11:27 . 2008-06-11 11:27 <DIR> d-------- C:\Program Files\AVG
2008-06-11 11:27 . 2008-06-11 11:35 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\AVGTOOLBAR
2008-06-11 11:27 . 2008-06-11 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-11 11:27 . 2008-06-11 11:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-11 11:27 . 2008-06-11 11:27 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-11 11:27 . 2008-06-11 11:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-10 21:02 . 2008-06-10 21:02 <DIR> d-------- C:\Program Files\Freecorder Toolbar
2008-06-10 21:02 . 2007-03-04 14:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-06-10 21:01 . 2008-06-10 20:59 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-06-10 21:01 . 2007-03-04 14:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-06-10 20:59 . 2008-06-11 16:51 <DIR> d-------- C:\Program Files\Replay Converter
2008-06-10 17:44 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-06-10 16:46 . 2008-06-10 16:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 16:31 . 2008-06-10 16:31 <DIR> d-------- C:\VundoFix Backups
2008-06-09 22:26 . 2008-06-09 22:26 <DIR> d-------- C:\Program Files\ImTOO
2008-06-09 22:17 . 2008-06-09 22:19 1,791,918,580 --a------ C:\output.avi
2008-06-09 17:11 . 2008-06-09 17:34 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\LimeWire
2008-06-09 17:08 . 2008-06-09 17:08 <DIR> d-------- C:\Program Files\Sun
2008-06-09 17:03 . 2008-06-09 17:12 <DIR> d-------- C:\Program Files\LimeWire
2008-06-09 17:02 . 2008-06-09 17:03 <DIR> d-------- C:\Program Files\Registry Easy
2008-06-09 16:08 . 2008-06-09 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 16:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-09 13:10 . 2008-06-09 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 12:41 . 2008-06-09 12:41 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\Uniblue
2008-06-08 21:32 . 2008-06-08 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\winsyscfg
2008-06-08 14:55 . 2008-06-08 14:55 <DIR> d-------- C:\WINDOWS\Freecorder Toolbar
2008-06-08 14:55 . 2008-06-10 21:03 <DIR> d-------- C:\Program Files\Freecorder
2008-06-08 14:55 . 2008-06-08 14:55 <DIR> d-------- C:\Program Files\Conduit
2008-06-08 14:55 . 2008-06-10 21:02 2,725,048 --a------ C:\Program Files\FLV PlayerFCSetup.exe
2008-06-08 14:54 . 2008-06-08 14:54 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2008-06-08 14:54 . 2008-06-11 16:53 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-06-08 14:54 . 2008-06-10 21:00 7,710,016 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
2008-06-08 14:52 . 2008-06-08 14:52 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-06-08 14:52 . 2008-06-08 14:52 <DIR> d-------- C:\Program Files\FLV Player
2008-06-08 14:52 . 2008-06-10 20:59 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\GetRightToGo
2008-06-08 14:52 . 2008-06-10 20:59 411,248 --a------ C:\Program Files\FLV PlayerRCSetup.exe
2008-06-06 22:51 . 2008-06-06 23:08 <DIR> d-------- C:\VideoToDVD
2008-06-06 21:26 . 2008-06-06 21:28 <DIR> d-------- C:\OutputFolder
2008-06-03 20:35 . 2008-06-03 20:35 <DIR> d-------- C:\Program Files\MSBuild
2008-06-03 20:28 . 2008-06-03 20:28 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-03 20:28 . 2008-06-03 20:28 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-03 19:51 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-03 19:50 . 2008-06-03 19:57 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\Ulead Systems
2008-06-03 19:49 . 2008-06-03 19:49 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-06-03 19:48 . 2008-06-03 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-06-03 19:48 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-06-03 19:48 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-06-03 19:48 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-06-03 19:48 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-06-03 19:48 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-06-03 19:48 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-06-03 19:46 . 2008-06-03 19:46 <DIR> d-------- C:\Program Files\Windows Media Components
2008-06-03 19:45 . 2008-06-03 19:45 <DIR> d-------- C:\Program Files\Ulead Systems
2008-06-03 19:45 . 2008-06-03 19:46 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-03 19:45 . 2008-06-03 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-02 17:35 . 2008-06-02 17:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-30 21:03 . 2007-10-13 20:34 86,016 --a------ C:\WINDOWS\system32\pmservice.exe
2008-05-26 14:53 . 2008-06-08 13:26 <DIR> d-------- C:\Mp3 Output
2008-05-26 14:53 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-26 14:53 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-05-17 13:37 . 2008-06-08 12:31 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\IDM
2008-05-17 13:37 . 2008-06-10 17:32 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\DMCache
2008-05-17 11:11 . 2008-06-10 17:38 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-16 22:22 . 2008-05-16 22:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-16 20:57 . 2008-05-16 21:00 510,189,896 --a------ C:\Adobe Photoshop CS3 ME.exe
2008-05-15 17:48 . 2008-05-16 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-15 16:10 . 2008-05-15 16:10 <DIR> d-------- C:\Program Files\uTorrent
2008-05-15 16:10 . 2008-06-08 22:06 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-12 10:56 --------- d-----w C:\Program Files\Java
2008-06-12 10:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 13:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 10:32 --------- d-----w C:\Program Files\MSN Messenger
2008-06-09 10:21 --------- d-----w C:\Program Files\Adverts
2008-06-06 18:13 --------- d-----w C:\Documents and Settings\Computer\Application Data\Skype
2008-06-06 17:43 --------- d-----w C:\Documents and Settings\Computer\Application Data\skypePM
2008-06-03 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 14:35 --------- d-----w C:\Program Files\Common Files\Real
2008-06-02 14:34 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-02 14:34 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-17 08:14 --------- d-----w C:\Documents and Settings\Computer\Application Data\this size
2008-05-16 20:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-15 13:29 --------- d-----w C:\Program Files\ESET
2008-05-10 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 22:08 --------- d-----w C:\Program Files\Bonjour
2008-05-06 22:03 --------- d-----w C:\Program Files\Apple Software Update
2008-05-06 22:00 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-06 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-21 06:56 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 07:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-07 09:17 193,951 ----a-w C:\Program Files\A-Patch140rc1b9_WLM.zip
2008-02-06 15:01 958,352 ----a-w C:\Program Files\A-Patch130rc1b54_WLM.zip
2007-08-18 15:46 16,740,208 ----a-w C:\Program Files\Install_Messenger.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-11_20.05.33.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 16:57:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 11:02:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2007-02-28 09:53:04 2,137,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-27 22:15:58 2,059,392 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 09:15:59 2,017,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 09:55:14 2,182,144 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
- 2006-12-18 19:33:48 1,033,216 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\explorer.exe
+ 2003-07-07 10:36:00 2,058,343 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-08 08:48:00 115,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
- 2008-02-17 00:10:32 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-06-12 14:00:17 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-02-17 00:10:32 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-12 14:00:17 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-02-17 00:10:33 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-06-12 14:00:17 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-02-17 00:10:31 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-12 14:00:16 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-02-17 00:10:33 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-12 14:00:17 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-02-17 00:10:33 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-12 14:00:18 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-02-17 00:10:33 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-12 14:00:18 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-02-17 00:10:33 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-12 14:00:18 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-02-17 00:10:32 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-12 14:00:16 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-02-17 00:10:31 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-06-12 14:00:16 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-02-17 00:10:34 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-12 14:00:19 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-02-17 00:10:31 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-12 14:00:15 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-02-17 00:10:31 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-12 14:00:15 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-11 17:59:31 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2006-12-18 19:33:35 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2006-12-18 19:33:38 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-12-18 19:33:38 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2006-12-18 19:33:44 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2006-12-18 19:33:35 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:58:57 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2006-12-18 19:33:38 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2006-12-18 19:33:38 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 06:56:54 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2006-12-18 19:33:44 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 06:56:55 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-03 23:56:44 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-12-18 19:33:45 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:32:55 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2006-12-18 19:33:45 147,456 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:19:35 147,968 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-03 23:56:44 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 18:49:36 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2006-12-18 19:33:46 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-12-18 19:33:46 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2006-12-18 19:33:48 1,033,216 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 11:26:03 1,033,216 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2006-12-18 19:33:48 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 06:56:55 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-12-18 19:33:51 280,064 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:52:43 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2006-12-18 19:33:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:46:59 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-12-18 19:33:55 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 06:56:56 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-12-18 19:33:56 679,424 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2006-12-18 19:33:56 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 06:56:56 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-12-18 19:33:58 465,864 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2006-12-18 19:33:58 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-12-18 19:33:59 985,600 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 16:07:27 986,112 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2006-12-18 19:34:00 726,528 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:50:47 727,040 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2004-08-03 23:56:52 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2006-10-04 08:48:36 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-08-03 23:56:44 39,936 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2007-03-08 15:48:36 40,960 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2001-08-23 12:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
- 2004-08-03 23:56:44 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-12-14 13:45:53 981,760 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
- 2004-08-03 21:58:22 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-03 23:56:44 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-03 23:56:44 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-03 23:56:44 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-03 23:56:44 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-03 23:56:44 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-03 23:56:44 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-03 23:56:44 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-03 23:56:44 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2004-08-03 22:00:58 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2004-08-03 23:56:44 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:07:23 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
- 2004-08-03 23:56:44 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:07:23 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
- 2004-08-03 23:56:44 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-12-26 13:07:23 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
- 2004-08-03 23:56:44 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-03 23:56:44 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2004-08-03 23:56:44 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-11-27 14:54:06 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
- 2006-12-18 19:34:22 3,061,248 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2006-12-18 19:34:22 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-12-18 19:34:24 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-03 23:56:44 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-07-17 10:34:48 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-03 23:56:44 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-26 08:09:15 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-03 23:56:44 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2006-12-26 13:07:23 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
- 2004-08-03 23:56:44 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-03 23:56:44 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-03 23:56:44 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 07:20:46 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2006-12-18 19:34:27 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:32:56 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2004-08-03 23:56:44 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2006-12-18 19:34:27 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 06:56:57 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-03 23:56:44 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-03 23:56:44 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-03 23:56:44 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-03 23:56:44 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2006-12-18 19:34:28 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 06:56:58 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-12-18 19:34:30 838,360 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2006-12-18 19:34:31 621,272 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-03 23:56:46 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2006-12-18 19:34:32 1,084,416 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:06:12 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-03 23:56:56 53,760 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 08:48:36 53,760 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
- 2004-08-03 22:15:10 574,592 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-27 22:15:58 2,059,392 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2004-08-03 23:56:46 553,472 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2001-08-23 12:00:00 117,760 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
+ 2006-10-16 16:15:00 122,880 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
- 2004-08-03 23:56:56 215,552 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-04 08:48:37 215,552 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
- 2006-12-18 19:34:44 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-12-18 19:34:45 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 04:55:40 1,288,192 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-03 23:56:46 431,616 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
+ 2006-11-27 14:54:06 433,152 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
- 2006-12-18 19:34:48 202,496 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:14:51 203,008 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2006-12-18 19:34:49 582,144 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:16:16 582,656 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-03 23:56:46 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2007-04-25 14:21:15 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2006-12-18 19:34:54 1,497,600 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-18 19:35:01 8,458,240 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2006-12-18 19:35:02 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-03 23:56:46 134,656 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
- 2006-12-18 19:35:07 360,576 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 16:53:32 360,832 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-08-03 23:56:48 35,840 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
+ 2006-10-04 13:33:38 35,840 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2006-12-18 19:35:10 209,280 -c--a-w C:\WINDOWS\system32\dllcache\update.sys
+ 2007-04-23 10:14:23 364,160 -c--a-w C:\WINDOWS\system32\dllcache\update.sys
- 2004-08-03 23:56:48 185,344 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
+ 2007-02-05 20:17:02 185,344 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
- 2006-12-18 19:35:11 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 06:56:58 618,496 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-12-18 19:35:11 577,024 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
+ 2007-03-08 15:48:36 578,048 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
- 2004-08-03 23:56:58 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2006-10-04 08:48:37 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
- 2006-12-18 19:35:12 438,272 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2006-12-18 19:35:14 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:16:01 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-12-18 19:35:14 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:32:56 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2006-12-18 19:35:14 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:32:56 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
- 2004-08-03 23:56:48 333,312 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
- 2006-12-18 19:35:18 1,839,616 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:40:27 1,845,888 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2006-12-18 19:35:18 664,576 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 06:56:59 666,624 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-12-18 19:35:18 291,840 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
+ 2007-03-17 13:45:03 292,864 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
- 2006-10-18 19:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-27 14:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-10-18 19:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-11 20:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2006-12-18 19:33:45 147,456 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-03 23:56:44 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2004-08-03 21:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-03 22:00:58 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2004-08-03 22:15:10 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
- 2006-12-18 19:34:51 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2006-12-18 19:35:07 360,576 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-12-18 19:35:10 209,280 ----a-w C:\WINDOWS\system32\drivers\update.sys
+ 2007-04-23 10:14:23 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
- 2006-12-18 19:33:46 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2006-12-18 19:33:46 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2006-12-18 19:33:48 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-06-04 08:45:57 1,509,536 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-12 11:02:48 1,508,544 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-12-18 19:33:51 280,064 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2006-12-18 19:33:55 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-12-18 19:33:56 679,424 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2006-12-18 19:33:56 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-03-24 22:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2002-08-29 06:10:24 24,669 ----a-w C:\WINDOWS\system32\java.exe
- 2008-03-24 22:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2002-08-29 06:10:24 24,671 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-12-18 19:33:58 465,864 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2006-12-18 19:33:58 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-12-18 19:33:59 985,600 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 16:07:27 986,112 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2006-12-18 19:34:00 726,528 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2004-08-03 23:56:52 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
- 2004-08-03 23:56:44 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2007-03-08 15:48:36 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
- 2001-08-23 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
- 2004-08-03 23:56:44 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
+ 2006-12-14 13:45:53 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
- 2004-08-03 23:56:44 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-03 23:56:44 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-03 23:56:44 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-03 23:56:44 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-03 23:56:44 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-03 23:56:44 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-03 23:56:44 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-03 23:56:44 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2004-08-03 23:56:44 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-03 23:56:44 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-03 23:56:44 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:54:06 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
- 2006-12-18 19:34:22 3,061,248 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-12-18 19:34:22 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-12-18 19:34:24 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-03 23:56:44 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 10:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-03 23:56:44 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-03 23:56:44 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-03 23:56:44 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2006-12-18 19:34:27 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-03 23:56:44 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-03 23:56:44 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-03 23:56:44 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2006-10-18 19:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 13:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-03 23:56:44 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2006-12-18 19:34:28 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-12-18 19:34:30 838,360 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2006-12-18 19:34:31 621,272 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-03 23:56:46 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2006-12-18 19:34:32 1,084,416 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:06:12 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2006-12-18 19:34:33 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 12:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2006-12-18 19:34:34 1,321,744 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2007-05-15 12:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
- 2004-08-03 23:56:56 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
- 2006-12-18 19:41:45 2,059,136 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-27 22:15:58 2,059,392 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2006-12-18 19:34:41 2,181,888 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 09:55:14 2,182,144 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2004-08-03 23:56:46 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2001-08-23 12:00:00 117,760 ----a-w C:\WINDOWS\system32\oledlg.dll
+ 2006-10-16 16:15:00 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll
- 2004-08-03 23:56:56 215,552 ----a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\system32\osk.exe
- 2008-06-09 12:24:12 67,220 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-12 13:46:26 67,220 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-09 12:24:12 430,496 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-12 13:46:26 430,496 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-12-18 19:34:44 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-03 23:56:46 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:54:06 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2006-12-18 19:34:49 582,144 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-03 23:56:46 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2006-12-18 19:34:54 1,497,600 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-18 19:35:01 8,458,240 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2006-12-18 19:35:02 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-03 23:56:46 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2006-09-25 15:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2004-08-03 23:56:48 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2004-08-03 23:56:48 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
- 2006-12-18 19:35:11 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2006-12-18 19:35:11 577,024 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:48:36 578,048 ----a-w C:\WINDOWS\system32\user32.dll
- 2004-08-03 23:56:58 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
- 2006-12-18 19:35:12 438,272 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-03 23:56:48 333,312 ----a-w C:\WINDOWS\system32\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2006-12-18 19:35:18 291,840 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 14:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-11 20:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2006-12-18 19:35:24 248,320 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-05-08 12:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2007-01-19 20:15:24 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2007-01-19 20:15:24 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2007-01-19 20:15:24 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2007-01-19 20:15:24 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-04-16 11:06 1524760 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 11:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2008-04-16 11:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-02-07 12:43 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 17:34 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-11 11:27 1177368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\X-Lite\\X-Lite.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18531:TCP"= 18531:TCP:BitComet 18531 TCP
"18531:UDP"= 18531:UDP:BitComet 18531 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-11 11:27]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-11 11:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-11 11:27]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-11 11:27]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 14:00:00 C:\WINDOWS\Tasks\8DE36F1390690E83.job"
- c:\docume~1\computer\applic~1\thissi~1\ReadmeBibEnc.exe
"2008-06-11 15:50:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 17:21:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-12 17:24:38
ComboFix-quarantined-files.txt 2008-06-12 14:23:34
ComboFix2.txt 2008-06-11 17:07:01

Pre-Run: 15,865,798,656 bytes free
Post-Run: 15,890,284,544 bytes free

633 --- E O F --- 2008-06-12 11:00:17
magnolita
Active Member
 
Posts: 11
Joined: June 10th, 2008, 9:52 am

Re: message from hijackthis

Unread postby magnolita » June 12th, 2008, 10:48 am

The NoLop Log:


NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Computer\Desktop
[12.6.2008 г.]
[17:33:10]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\8DE36F1390690E83.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg8
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Intervideo
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Mumbojumbo
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\That Size Part Chin -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\View22
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windowsliveinstaller
C:\Documents and Settings\All Users\Application Data\Winsyscfg
C:\Documents and Settings\All Users\Application Data\Wlinstaller
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Computer\Application Data\Adobe
C:\Documents and Settings\Computer\Application Data\Ahead
C:\Documents and Settings\Computer\Application Data\Apple Computer
C:\Documents and Settings\Computer\Application Data\Avgtoolbar
C:\Documents and Settings\Computer\Application Data\Dmcache
C:\Documents and Settings\Computer\Application Data\Getrighttogo
C:\Documents and Settings\Computer\Application Data\Google
C:\Documents and Settings\Computer\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Computer\Application Data\Identities
C:\Documents and Settings\Computer\Application Data\Idm
C:\Documents and Settings\Computer\Application Data\Leadertech
C:\Documents and Settings\Computer\Application Data\Limewire
C:\Documents and Settings\Computer\Application Data\Macromedia
C:\Documents and Settings\Computer\Application Data\Microsoft
C:\Documents and Settings\Computer\Application Data\Mozilla
C:\Documents and Settings\Computer\Application Data\Msninstaller
C:\Documents and Settings\Computer\Application Data\Real
C:\Documents and Settings\Computer\Application Data\Skype
C:\Documents and Settings\Computer\Application Data\Skypepm
C:\Documents and Settings\Computer\Application Data\This Size
C:\Documents and Settings\Computer\Application Data\Ulead Systems
C:\Documents and Settings\Computer\Application Data\Uniblue
C:\Documents and Settings\Computer\Application Data\Utorrent
C:\Documents and Settings\Computer\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
magnolita
Active Member
 
Posts: 11
Joined: June 10th, 2008, 9:52 am

Re: message from hijackthis

Unread postby magnolita » June 12th, 2008, 10:49 am

What is a fresh HJT log? I didn't get it.
magnolita
Active Member
 
Posts: 11
Joined: June 10th, 2008, 9:52 am

Re: message from hijackthis

Unread postby mz30 » June 12th, 2008, 11:43 am

Quote:
What is a fresh HJT log? I didn't get it.


A fresh log from hijack this :)
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: message from hijackthis

Unread postby magnolita » June 12th, 2008, 11:56 am

Fresh hjt log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:05, on 12.6.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 3954 bytes
magnolita
Active Member
 
Posts: 11
Joined: June 10th, 2008, 9:52 am

Re: message from hijackthis

Unread postby mz30 » June 13th, 2008, 9:58 am

  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: message from hijackthis

Unread postby magnolita » June 13th, 2008, 11:00 am

Malwarebytes' Anti-Malware 1.17
Database version: 852

17:58:24 13.6.2008 г.
mbam-log-6-13-2008 (17-58-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102920
Time elapsed: 41 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
magnolita
Active Member
 
Posts: 11
Joined: June 10th, 2008, 9:52 am

Re: message from hijackthis

Unread postby mz30 » June 13th, 2008, 12:16 pm

Run Kaspersky Online AV Scanner

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool