Unsolved
Error message: res://C:\Windows\system32\shdoclc.dll/navcancl.htm
Please help me view websites that get this error message in the URL bar! Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:13 PM, on 6/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chicago.cubs.mlb.com/index.jsp?c_id=chc
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\Kyle\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: atisvc_frugp - Unknown owner - C:\Windows\system32\ebptuo\atisvc_frugp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9e8b6aa94cc20) (gupdate1c9e8b6aa94cc20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6886 bytes
bamajim
June 12th, 2009 10:00
1. Click Start->>Control Panel
Select User Accounts->>Turn User Account Control on or off
Uncheck "Use User Account Control (UAC) to help protect your computer"
Select O.K.->>Then Restart your computer by Selecting "Restart Now"
2. Go HERE and download File Lister.
Copy and paste the contents of that log in your reply.
kstater
June 19th, 2009 18:00
+++++++++++++++++++++++++++++++++
+ File Lister Version 1.1.1 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++++++++
Report ran on --->>> 6/19/2009 7:09:38 PM
====== Running Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\ebptuo\atisvc_frugp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\java.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\XG42E3.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ebptuo\atisvc_frugp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WScript.exe
====== BHO's ======
BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
====== HKLM\~\Run Keys ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[OfficeScanNT Monitor] = "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[RtHDVCpl] = RtHDVCpl.exe
[Adobe Reader Speed Launcher] = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[NvCplDaemon] = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[NvMediaCenter] = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[SunJavaUpdateSched] = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
====== HKCU\~\Run Keys ======
[Weather] = C:\Program Files\AWS\WeatherBug\Weather.exe 1
[Aim6] = HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aim6
[ehTray.exe] = C:\Windows\ehome\ehTray.exe
[Host Process] = C:\Users\Kyle\svchost.exe
====== DNS Info (List may be empty) ======
HKEY_LOCAL_MACHINE\CCS\~\{405BDF1F-A543-49CA-BF29-4C7D157DD900}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{A040482C-4DF2-4368-B474-25A64BA87C88}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{405BDF1F-A543-49CA-BF29-4C7D157DD900}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{A040482C-4DF2-4368-B474-25A64BA87C88}\ NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{405BDF1F-A543-49CA-BF29-4C7D157DD900}\ NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{A040482C-4DF2-4368-B474-25A64BA87C88}\ NameServer=
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
6/18/2009 11:41:36 PM 0 C:\Config.Msi
6/19/2009 7:09:38 PM 5109 32 C:\Files.txt
6/10/2009 9:13:37 PM 2926592 32 C:\Windows\explorer.exe
5/1/2009 9:08:28 AM 2088 32 C:\Windows\ie8_main.log
6/10/2009 10:09:22 PM 3781 32 C:\Windows\TmComm.log
6/10/2009 10:05:36 PM 94208 C:\Windows\System32\ca-ES
6/10/2009 10:05:36 PM 94208 C:\Windows\System32\eu-ES
6/10/2009 9:15:12 PM 42496 C:\Windows\System32\EventProviders
6/10/2009 9:15:12 PM 6144 C:\Windows\System32\EventProviders\de-de
6/10/2009 9:15:12 PM 5632 C:\Windows\System32\EventProviders\en-us
6/10/2009 9:15:12 PM 6144 C:\Windows\System32\EventProviders\es-es
6/10/2009 9:15:12 PM 6144 C:\Windows\System32\EventProviders\fr-fr
6/10/2009 9:15:13 PM 5120 C:\Windows\System32\EventProviders\ja-jp
6/10/2009 10:05:36 PM 94208 C:\Windows\System32\vi-VN
6/10/2009 9:12:33 PM 136192 32 C:\Windows\System32\aaclient.dll
6/10/2009 9:12:51 PM 2515968 32 C:\Windows\System32\accessibilitycpl.dll
5/1/2009 3:59:36 PM 72704 32 C:\Windows\System32\admparse.dll
6/10/2009 9:13:23 PM 199168 32 C:\Windows\System32\adsldpc.dll
6/10/2009 9:13:02 PM 75264 32 C:\Windows\System32\adsmsext.dll
6/10/2009 9:13:21 PM 617984 32 C:\Windows\System32\adtschema.dll
6/10/2009 9:13:42 PM 800768 32 C:\Windows\System32\advapi32.dll
5/1/2009 3:59:34 PM 128512 32 C:\Windows\System32\advpack.dll
6/10/2009 9:13:31 PM 1730560 32 C:\Windows\System32\apds.dll
6/10/2009 9:13:03 PM 171008 32 C:\Windows\System32\apphelp.dll
6/10/2009 9:12:38 PM 28672 32 C:\Windows\System32\Apphlpdm.dll
6/10/2009 9:13:12 PM 1122304 32 C:\Windows\System32\appwiz.cpl
6/10/2009 9:12:28 PM 289792 32 C:\Windows\System32\atmfd.dll
6/10/2009 9:12:30 PM 34304 32 C:\Windows\System32\atmlib.dll
6/10/2009 9:13:06 PM 88576 32 C:\Windows\System32\audiodg.exe
6/10/2009 9:12:49 PM 115712 32 C:\Windows\System32\AudioSes.dll
6/10/2009 9:13:30 PM 315392 32 C:\Windows\System32\audiosrv.dll
6/10/2009 9:13:39 PM 1985024 32 C:\Windows\System32\authui.dll
6/10/2009 9:12:53 PM 79872 32 C:\Windows\System32\authz.dll
6/10/2009 9:13:08 PM 643072 32 C:\Windows\System32\autochk.exe
6/10/2009 9:13:08 PM 656896 32 C:\Windows\System32\autoconv.exe
6/10/2009 9:13:13 PM 636416 32 C:\Windows\System32\autofmt.exe
6/10/2009 9:12:51 PM 516608 32 C:\Windows\System32\autoplay.dll
6/10/2009 9:14:01 PM 1216000 32 C:\Windows\System32\AuxiliaryDisplayCpl.dll
6/10/2009 9:13:44 PM 115200 32 C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
6/10/2009 9:13:42 PM 102912 32 C:\Windows\System32\AuxiliaryDisplayServices.dll
6/10/2009 9:13:12 PM 757248 32 C:\Windows\System32\azroles.dll
6/10/2009 9:13:07 PM 130024 32 C:\Windows\System32\basecsp.dll
6/10/2009 9:13:18 PM 274432 32 C:\Windows\System32\bcrypt.dll
6/10/2009 9:13:23 PM 334848 32 C:\Windows\System32\***.DLL
6/10/2009 9:12:30 PM 31744 32 C:\Windows\System32\bitsigd.dll
6/10/2009 9:12:42 PM 542720 32 C:\Windows\System32\blackbox.dll
6/10/2009 9:13:00 PM 1342464 32 C:\Windows\System32\brcpl.dll
6/10/2009 9:13:35 PM 1324032 32 C:\Windows\System32\browseui.dll
6/10/2009 9:12:34 PM 45568 32 C:\Windows\System32\bthci.dll
6/10/2009 9:13:38 PM 640512 32 C:\Windows\System32\bthprops.cpl
6/10/2009 9:13:18 PM 40960 32 C:\Windows\System32\bthserv.dll
6/10/2009 9:12:34 PM 34304 32 C:\Windows\System32\bthudtask.exe
6/10/2009 9:12:30 PM 44032 32 C:\Windows\System32\cbsra.exe
6/10/2009 9:12:37 PM 37376 32 C:\Windows\System32\cdd.dll
6/10/2009 9:13:21 PM 323584 32 C:\Windows\System32\certcli.dll
6/10/2009 9:13:46 PM 1112064 32 C:\Windows\System32\CertEnroll.dll
6/10/2009 9:13:12 PM 633856 32 C:\Windows\System32\CertEnrollUI.dll
6/10/2009 9:13:10 PM 1502720 32 C:\Windows\System32\certmgr.dll
6/10/2009 9:12:41 PM 40448 32 C:\Windows\System32\certprop.dll
6/10/2009 9:12:48 PM 215552 32 C:\Windows\System32\certreq.exe
6/10/2009 9:13:20 PM 799744 32 C:\Windows\System32\certutil.exe
6/10/2009 9:13:22 PM 124928 32 C:\Windows\System32\chajei.ime
6/10/2009 9:13:14 PM 1671680 32 C:\Windows\System32\chsbrkr.dll
6/10/2009 9:12:43 PM 6103040 32 C:\Windows\System32\chtbrkr.dll
6/10/2009 9:12:33 PM 10752 32 C:\Windows\System32\CHxReadingStringIME.dll
6/10/2009 9:13:33 PM 614376 32 C:\Windows\System32\ci.dll
6/10/2009 9:13:22 PM 124928 32 C:\Windows\System32\cintlgnt.ime
6/10/2009 9:12:40 PM 58368 32 C:\Windows\System32\cipher.exe
6/10/2009 9:13:12 PM 245736 32 C:\Windows\System32\clfs.sys
6/10/2009 9:12:46 PM 481792 32 C:\Windows\System32\cmdial32.dll
6/10/2009 9:12:47 PM 49152 32 C:\Windows\System32\cmmon32.exe
6/10/2009 9:13:21 PM 450560 32 C:\Windows\System32\comdlg32.dll
6/10/2009 9:13:31 PM 57856 32 C:\Windows\System32\compcln.exe
6/10/2009 9:13:41 PM 1209856 32 C:\Windows\System32\comsvcs.dll
6/10/2009 9:13:10 PM 593408 32 C:\Windows\System32\comuid.dll
6/10/2009 9:12:46 PM 69120 32 C:\Windows\System32\conime.exe
6/10/2009 9:12:53 PM 1645568 32 C:\Windows\System32\connect.dll
5/1/2009 3:59:36 PM 18944 32 C:\Windows\System32\corpol.dll
6/10/2009 9:12:41 PM 178176 32 C:\Windows\System32\credui.dll
6/10/2009 9:13:37 PM 978944 32 C:\Windows\System32\crypt32.dll
6/10/2009 9:13:17 PM 129024 32 C:\Windows\System32\cryptsvc.dll
6/10/2009 9:13:01 PM 971264 32 C:\Windows\System32\cryptui.dll
6/10/2009 9:12:35 PM 31744 32 C:\Windows\System32\cscapi.dll
6/10/2009 9:12:35 PM 22016 32 C:\Windows\System32\cscdll.dll
6/10/2009 9:13:07 PM 135168 32 C:\Windows\System32\cscript.exe
6/10/2009 9:12:30 PM 46080 32 C:\Windows\System32\csrstub.exe
6/10/2009 9:13:36 PM 1788416 32 C:\Windows\System32\d3d9.dll
6/10/2009 9:12:43 PM 45056 32 C:\Windows\System32\dataclen.dll
6/10/2009 9:13:36 PM 61440 32 C:\Windows\System32\davclnt.dll
6/10/2009 9:13:27 PM 1856512 32 C:\Windows\System32\dbgeng.dll
6/10/2009 9:12:48 PM 26112 32 C:\Windows\System32\DeviceEject.exe
6/10/2009 9:13:55 PM 478208 32 C:\Windows\System32\DevicePairing.dll
6/10/2009 9:13:23 PM 54784 32 C:\Windows\System32\DevicePairingProxy.dll
6/10/2009 9:14:12 PM 65536 32 C:\Windows\System32\DevicePairingWizard.exe
6/10/2009 9:13:24 PM 378368 32 C:\Windows\System32\devmgr.dll
6/10/2009 9:13:17 PM 93512 32 C:\Windows\System32\dfshim.dll
6/10/2009 9:13:48 PM 2092544 32 C:\Windows\System32\dfsr.exe
6/10/2009 9:13:12 PM 204288 32 C:\Windows\System32\dhcpcsvc.dll
6/10/2009 9:13:16 PM 130560 32 C:\Windows\System32\dhcpcsvc6.dll
6/10/2009 9:13:50 PM 1078784 32 C:\Windows\System32\diagperf.dll
6/10/2009 9:12:44 PM 54784 32 C:\Windows\System32\dimsroam.dll
6/10/2009 9:13:00 PM 119808 32 C:\Windows\System32\diskpart.exe
6/10/2009 9:13:03 PM 230912 32 C:\Windows\System32\diskraid.exe
6/10/2009 9:12:38 PM 105472 32 C:\Windows\System32\dmsynth.dll
6/10/2009 9:12:36 PM 101888 32 C:\Windows\System32\dmusic.dll
6/10/2009 9:13:20 PM 168448 32 C:\Windows\System32\dnsapi.dll
6/10/2009 9:13:04 PM 86528 32 C:\Windows\System32\dnsrslvr.dll
6/10/2009 9:13:37 PM 442788 32 C:\Windows\System32\dot3.tmf
6/10/2009 9:12:34 PM 49664 32 C:\Windows\System32\dot3cfg.dll
6/10/2009 9:12:49 PM 75264 32 C:\Windows\System32\dot3msm.dll
6/10/2009 9:12:53 PM 175616 32 C:\Windows\System32\dot3svc.dll
6/10/2009 9:12:48 PM 407040 32 C:\Windows\System32\dpapimig.exe
6/10/2009 9:12:38 PM 284672 32 C:\Windows\System32\drmmgrtn.dll
6/10/2009 9:14:00 PM 978432 32 C:\Windows\System32\drmv2clt.dll
6/10/2009 9:13:24 PM 194048 32 C:\Windows\System32\drvinst.exe
6/10/2009 9:11:47 PM 247808 32 C:\Windows\System32\drvstore.dll
6/10/2009 9:13:01 PM 444416 32 C:\Windows\System32\dsound.dll
6/10/2009 9:12:45 PM 137728 32 C:\Windows\System32\dsprop.dll
6/10/2009 9:13:09 PM 81920 32 C:\Windows\System32\dwm.exe
6/10/2009 9:12:25 PM 4096 32 C:\Windows\System32\dxmasf.dll
5/1/2009 3:59:36 PM 348160 32 C:\Windows\System32\dxtmsft.dll
5/1/2009 3:59:36 PM 216064 32 C:\Windows\System32\dxtrans.dll
6/10/2009 9:13:29 PM 344698 32 C:\Windows\System32\eaphost.tmf
6/10/2009 9:12:35 PM 187904 32 C:\Windows\System32\eapp3hst.dll
6/10/2009 9:12:33 PM 135680 32 C:\Windows\System32\eappcfg.dll
6/10/2009 9:12:33 PM 93696 32 C:\Windows\System32\eappgnui.dll
6/10/2009 9:13:29 PM 183808 32 C:\Windows\System32\eapphost.dll
6/10/2009 9:13:46 PM 120320 32 C:\Windows\System32\EhStorAPI.dll
6/10/2009 9:13:35 PM 117248 32 C:\Windows\System32\EhStorAuthn.dll
6/10/2009 9:13:35 PM 37376 32 C:\Windows\System32\EhStorPwdMgr.dll
6/10/2009 9:14:01 PM 114176 32 C:\Windows\System32\EhStorShell.dll
6/10/2009 9:13:30 PM 564224 32 C:\Windows\System32\emdmgmt.dll
6/10/2009 9:13:48 PM 428544 32 C:\Windows\System32\EncDec.dll
6/10/2009 9:13:43 PM 268800 32 C:\Windows\System32\es.dll
6/10/2009 9:13:55 PM 1459200 32 C:\Windows\System32\esent.dll
6/10/2009 9:13:38 PM 205824 32 C:\Windows\System32\eudcedit.exe
6/10/2009 9:13:23 PM 485888 32 C:\Windows\System32\evr.dll
6/10/2009 9:12:37 PM 20992 32 C:\Windows\System32\ExplorerFrame.dll
6/10/2009 9:12:24 PM 7168 32 C:\Windows\System32\f3ahvoas.dll
6/10/2009 9:12:49 PM 147456 32 C:\Windows\System32\Faultrep.dll
6/10/2009 9:12:36 PM 19968 32 C:\Windows\System32\fc.exe
6/10/2009 9:13:47 PM 88064 32 C:\Windows\System32\fdBth.dll
6/10/2009 9:13:23 PM 9728 32 C:\Windows\System32\fdBthProxy.dll
6/10/2009 9:12:32 PM 53760 32 C:\Windows\System32\fdeploy.dll
6/10/2009 9:13:00 PM 24064 32 C:\Windows\System32\fdProxy.dll
6/10/2009 9:12:36 PM 68096 32 C:\Windows\System32\fdSSDP.dll
6/10/2009 9:12:34 PM 69120 32 C:\Windows\System32\fdWCN.dll
6/10/2009 9:12:47 PM 67072 32 C:\Windows\System32\fdWSD.dll
6/10/2009 9:12:49 PM 54272 32 C:\Windows\System32\feclient.dll
6/10/2009 9:12:58 PM 60928 32 C:\Windows\System32\findstr.exe
6/10/2009 9:12:46 PM 142336 32 C:\Windows\System32\fontext.dll
6/10/2009 9:12:35 PM 41984 32 C:\Windows\System32\ftp.exe
6/10/2009 9:14:12 PM 2134528 32 C:\Windows\System32\FunctionDiscoveryFolder.dll
6/10/2009 9:13:17 PM 153088 32 C:\Windows\System32\fundisc.dll
6/10/2009 9:12:47 PM 595456 32 C:\Windows\System32\FWPUCLNT.DLL
6/10/2009 9:12:32 PM 28672 32 C:\Windows\System32\FwRemoteSvr.dll
6/10/2009 9:13:15 PM 1696768 32 C:\Windows\System32\gameux.dll
6/10/2009 9:13:30 PM 297472 32 C:\Windows\System32\gdi32.dll
6/10/2009 9:13:00 PM 75264 32 C:\Windows\System32\gpapi.dll
6/10/2009 9:13:44 PM 950784 32 C:\Windows\System32\gpedit.dll
6/10/2009 9:12:40 PM 128000 32 C:\Windows\System32\gpresult.exe
6/10/2009 9:13:38 PM 576512 32 C:\Windows\System32\gpsvc.dll
6/10/2009 9:12:31 PM 16896 32 C:\Windows\System32\gpupdate.exe
6/10/2009 9:12:32 PM 41472 32 C:\Windows\System32\hbaapi.dll
6/10/2009 9:12:48 PM 80384 32 C:\Windows\System32\hdwwiz.exe
6/10/2009 9:13:17 PM 26112 32 C:\Windows\System32\hidserv.dll
5/1/2009 3:59:33 PM 385024 32 C:\Windows\System32\html.iec
6/10/2009 9:12:54 PM 58880 32 C:\Windows\System32\iasacct.dll
6/10/2009 9:12:55 PM 57344 32 C:\Windows\System32\iasads.dll
6/10/2009 9:13:01 PM 47104 32 C:\Windows\System32\iasdatastore.dll
6/10/2009 9:13:00 PM 70656 32 C:\Windows\System32\iashlpr.dll
6/10/2009 9:13:48 PM 454144 32 C:\Windows\System32\IasMigPlugin.dll
6/10/2009 9:13:53 PM 463872 32 C:\Windows\System32\IasMigReader.exe
6/10/2009 9:13:08 PM 150528 32 C:\Windows\System32\iasnap.dll
6/10/2009 9:12:49 PM 33792 32 C:\Windows\System32\iaspolcy.dll
6/10/2009 9:12:58 PM 158208 32 C:\Windows\System32\iasrad.dll
6/10/2009 9:13:38 PM 119296 32 C:\Windows\System32\iasrecst.dll
6/10/2009 9:13:09 PM 182272 32 C:\Windows\System32\iassam.dll
6/10/2009 9:13:14 PM 252928 32 C:\Windows\System32\iassdo.dll
6/10/2009 9:12:57 PM 76288 32 C:\Windows\System32\iassvcs.dll
6/10/2009 9:14:01 PM 619864 32 C:\Windows\System32\icardagt.exe
5/1/2009 3:59:36 PM 59904 32 C:\Windows\System32\icardie.dll
6/10/2009 9:13:13 PM 9048 32 C:\Windows\System32\icardres.dll
6/9/2009 9:59:33 PM 173056 32 C:\Windows\System32\ie4uinit.exe
5/1/2009 3:59:36 PM 125952 32 C:\Windows\System32\ieakeng.dll
5/1/2009 3:59:35 PM 229376 32 C:\Windows\System32\ieaksie.dll
5/1/2009 3:59:35 PM 163840 32 C:\Windows\System32\ieakui.dll
5/1/2009 3:59:33 PM 3698584 32 C:\Windows\System32\ieapfltr.dat
5/1/2009 3:59:34 PM 445952 32 C:\Windows\System32\ieapfltr.dll
6/9/2009 9:59:34 PM 385536 32 C:\Windows\System32\iedkcs32.dll
6/9/2009 9:59:34 PM 11064832 32 C:\Windows\System32\ieframe.dll
5/1/2009 3:59:35 PM 183808 32 C:\Windows\System32\iepeers.dll
6/9/2009 9:59:33 PM 55808 32 C:\Windows\System32\iernonce.dll
6/9/2009 9:59:34 PM 1985024 32 C:\Windows\System32\iertutil.dll
6/9/2009 9:59:33 PM 71680 32 C:\Windows\System32\iesetup.dll
5/1/2009 3:59:33 PM 109056 32 C:\Windows\System32\iesysprep.dll
6/9/2009 9:59:33 PM 164352 32 C:\Windows\System32\ieui.dll
5/1/2009 3:59:34 PM 57667 32 C:\Windows\System32\ieuinit.inf
5/1/2009 3:59:33 PM 132608 32 C:\Windows\System32\ieUnatt.exe
5/1/2009 3:59:33 PM 169472 32 C:\Windows\System32\iexpress.exe
6/10/2009 9:12:40 PM 29696 32 C:\Windows\System32\ifmon.dll
6/10/2009 9:13:32 PM 438784 32 C:\Windows\System32\IKEEXT.DLL
6/10/2009 9:13:15 PM 107520 32 C:\Windows\System32\imapi.dll
6/10/2009 9:13:56 PM 378368 32 C:\Windows\System32\imapi2.dll
6/10/2009 9:14:04 PM 677376 32 C:\Windows\System32\imapi2fs.dll
5/1/2009 3:59:36 PM 34816 32 C:\Windows\System32\imgutil.dll
6/10/2009 9:13:50 PM 883712 32 C:\Windows\System32\IMJP10.IME
6/10/2009 9:13:55 PM 729600 32 C:\Windows\System32\IMJP10K.DLL
6/10/2009 9:13:09 PM 413696 32 C:\Windows\System32\imkr80.ime
6/10/2009 9:12:49 PM 114688 32 C:\Windows\System32\imm32.dll
6/10/2009 9:13:17 PM 738816 32 C:\Windows\System32\inetcomm.dll
6/9/2009 9:59:34 PM 1469440 32 C:\Windows\System32\inetcpl.cpl
6/10/2009 9:13:17 PM 122368 32 C:\Windows\System32\inetpp.dll
6/10/2009 9:12:29 PM 15360 32 C:\Windows\System32\inetppui.dll
6/10/2009 9:13:44 PM 99680 32 C:\Windows\System32\infocardapi.dll
6/10/2009 9:13:20 PM 35168 32 C:\Windows\System32\infocardcpl.cpl
6/10/2009 9:12:40 PM 217600 32 C:\Windows\System32\InkEd.dll
6/10/2009 9:12:37 PM 200704 32 C:\Windows\System32\input.dll
5/1/2009 3:59:35 PM 94720 32 C:\Windows\System32\inseng.dll
6/10/2009 9:12:33 PM 26624 32 C:\Windows\System32\ipconfig.exe
6/10/2009 9:13:01 PM 91648 32 C:\Windows\System32\IPHLPAPI.DLL
6/10/2009 9:13:29 PM 199168 32 C:\Windows\System32\iphlpsvc.dll
6/10/2009 9:13:00 PM 759296 32 C:\Windows\System32\ipsecsnp.dll
6/10/2009 9:13:19 PM 364032 32 C:\Windows\System32\IPSECSVC.DLL
6/10/2009 9:13:20 PM 396288 32 C:\Windows\System32\ipsmsnap.dll
6/10/2009 9:12:30 PM 16384 32 C:\Windows\System32\iscsilog.dll
6/18/2009 10:55:15 PM 135168 32 C:\Windows\System32\java.exe
6/18/2009 10:55:15 PM 135168 32 C:\Windows\System32\javaw.exe
6/18/2009 10:55:15 PM 139264 32 C:\Windows\System32\javaws.exe
5/1/2009 3:59:34 PM 726528 32 C:\Windows\System32\jscript.dll
6/9/2009 9:59:33 PM 25600 32 C:\Windows\System32\jsproxy.dll
6/18/2009 10:54:34 PM 5329 32 C:\Windows\System32\jupdate-1.6.0_03-b05.log
6/10/2009 9:13:10 PM 17896 32 C:\Windows\System32\kd1394.dll
6/10/2009 9:13:07 PM 17384 32 C:\Windows\System32\kdcom.dll
6/10/2009 9:13:05 PM 19944 32 C:\Windows\System32\kdusb.dll
6/10/2009 9:13:32 PM 497664 32 C:\Windows\System32\kerberos.dll
6/10/2009 9:13:46 PM 891392 32 C:\Windows\System32\kernel32.dll
6/10/2009 9:13:54 PM 143872 32 C:\Windows\System32\korwbrkr.dll
6/10/2009 9:13:14 PM 93696 32 C:\Windows\System32\Kswdmcap.ax
6/10/2009 9:12:35 PM 48128 32 C:\Windows\System32\l2nacp.dll
5/1/2009 3:59:35 PM 43008 32 C:\Windows\System32\licmgr10.dll
6/10/2009 9:13:33 PM 3662128 32 C:\Windows\System32\locale.nls
6/9/2009 9:59:41 PM 623616 32 C:\Windows\System32\localspl.dll
6/10/2009 9:12:40 PM 94720 32 C:\Windows\System32\logagent.exe
6/10/2009 9:12:59 PM 57344 32 C:\Windows\System32\logman.exe
6/10/2009 9:14:06 PM 1257984 32 C:\Windows\System32\lsasrv.dll
6/10/2009 9:13:42 PM 710144 32 C:\Windows\System32\Magnify.exe
6/10/2009 9:13:49 PM 950272 32 C:\Windows\System32\mblctr.exe
6/10/2009 9:13:02 PM 852992 32 C:\Windows\System32\mcmde.dll
6/10/2009 9:13:59 PM 438744 32 C:\Windows\System32\mcupdate_GenuineIntel.dll
6/10/2009 9:12:38 PM 356864 32 C:\Windows\System32\MediaMetadataHandler.dll
6/8/2009 5:34:12 AM 16 32 C:\Windows\System32\Message.log
6/10/2009 9:14:01 PM 2868224 32 C:\Windows\System32\mf.dll
6/10/2009 9:13:36 PM 1135104 32 C:\Windows\System32\mfc42.dll
6/10/2009 9:13:29 PM 1160704 32 C:\Windows\System32\mfc42u.dll
6/10/2009 9:12:24 PM 2048 32 C:\Windows\System32\mferror.dll
6/10/2009 9:13:03 PM 208896 32 C:\Windows\System32\mfplat.dll
6/10/2009 9:12:32 PM 24576 32 C:\Windows\System32\mfpmp.exe
6/10/2009 9:12:33 PM 98816 32 C:\Windows\System32\mfps.dll
6/10/2009 9:12:28 PM 17408 32 C:\Windows\System32\midimap.dll
6/10/2009 9:13:46 PM 2012160 32 C:\Windows\System32\milcore.dll
6/10/2009 9:13:21 PM 41984 32 C:\Windows\System32\mimefilt.dll
6/10/2009 9:13:48 PM 1792512 32 C:\Windows\System32\mmc.exe
6/10/2009 9:12:51 PM 52224 32 C:\Windows\System32\mmci.dll
6/10/2009 9:12:32 PM 12800 32 C:\Windows\System32\mmcico.dll
6/10/2009 9:13:25 PM 2167808 32 C:\Windows\System32\mmcndmgr.dll
6/10/2009 9:13:18 PM 150528 32 C:\Windows\System32\MMDevAPI.dll
6/10/2009 9:12:49 PM 1102848 32 C:\Windows\System32\mmsys.cpl
6/10/2009 9:12:44 PM 288256 32 C:\Windows\System32\modemui.dll
6/10/2009 9:12:37 PM 177664 32 C:\Windows\System32\mpg2splt.ax
6/10/2009 9:12:49 PM 68608 32 C:\Windows\System32\mpr.dll
6/10/2009 9:12:37 PM 97792 32 C:\Windows\System32\mprapi.dll
6/10/2009 9:13:51 PM 407552 32 C:\Windows\System32\MPSSVC.dll
6/10/2009 9:12:31 PM 21504 32 C:\Windows\System32\msacm32.drv
6/10/2009 9:12:43 PM 218624 32 C:\Windows\System32\mscandui.dll
6/10/2009 9:13:02 PM 391680 32 C:\Windows\System32\mscms.dll
6/10/2009 9:13:57 PM 278848 32 C:\Windows\System32\mscoree.dll
6/10/2009 9:12:58 PM 155456 32 C:\Windows\System32\mscorier.dll
6/10/2009 9:13:16 PM 80720 32 C:\Windows\System32\mscories.dll
6/10/2009 9:13:30 PM 807424 32 C:\Windows\System32\msctf.dll
6/10/2009 9:12:36 PM 19456 32 C:\Windows\System32\MsCtfMonitor.dll
6/10/2009 9:13:23 PM 84992 32 C:\Windows\System32\msctfp.dll
6/10/2009 9:12:38 PM 85504 32 C:\Windows\System32\msctfui.dll
6/10/2009 9:13:20 PM 332288 32 C:\Windows\System32\msdrm.dll
6/10/2009 9:13:20 PM 560640 32 C:\Windows\System32\msdtcprx.dll
6/10/2009 9:13:35 PM 1053696 32 C:\Windows\System32\msdtctm.dll
6/10/2009 9:12:25 PM 4096 32 C:\Windows\System32\msdxm.ocx
6/10/2009 9:13:50 PM 409600 32 C:\Windows\System32\msexch40.dll
6/10/2009 9:13:41 PM 339968 32 C:\Windows\System32\msexcl40.dll
5/1/2009 3:59:34 PM 594432 32 C:\Windows\System32\msfeeds.dll
5/1/2009 3:59:35 PM 55296 32 C:\Windows\System32\msfeedsbs.dll
5/1/2009 3:59:35 PM 13312 32 C:\Windows\System32\msfeedssync.exe
6/10/2009 9:13:04 PM 564224 32 C:\Windows\System32\msftedit.dll
5/1/2009 3:59:33 PM 45568 32 C:\Windows\System32\mshta.exe
6/9/2009 9:59:35 PM 5936128 32 C:\Windows\System32\mshtml.dll
6/9/2009 9:59:33 PM 1638912 32 C:\Windows\System32\mshtml.tlb
5/1/2009 3:59:37 PM 66560 32 C:\Windows\System32\mshtmled.dll
5/1/2009 3:59:36 PM 48128 32 C:\Windows\System32\mshtmler.dll
6/10/2009 9:14:04 PM 2241536 32 C:\Windows\System32\msi.dll
6/10/2009 9:13:15 PM 73216 32 C:\Windows\System32\msiexec.exe
6/10/2009 9:13:18 PM 332800 32 C:\Windows\System32\msihnd.dll
6/10/2009 9:12:24 PM 2560 32 C:\Windows\System32\msimsg.dll
6/10/2009 9:12:39 PM 31232 32 C:\Windows\System32\msimtf.dll
6/10/2009 9:12:50 PM 408064 32 C:\Windows\System32\msinfo32.exe
6/10/2009 9:12:37 PM 16384 32 C:\Windows\System32\msisip.dll
6/10/2009 9:13:52 PM 1589248 32 C:\Windows\System32\msjet40.dll
6/10/2009 9:13:10 PM 368640 32 C:\Windows\System32\msjetoledb40.dll
6/10/2009 9:12:35 PM 24576 32 C:\Windows\System32\msjint40.dll
6/10/2009 9:13:20 PM 61440 32 C:\Windows\System32\msjter40.dll
6/10/2009 9:13:44 PM 290816 32 C:\Windows\System32\msjtes40.dll
5/1/2009 3:59:36 PM 156160 32 C:\Windows\System32\msls31.dll
6/10/2009 9:13:36 PM 241664 32 C:\Windows\System32\msltus40.dll
6/10/2009 9:13:57 PM 613888 32 C:\Windows\System32\MSMPEG2VDEC.DLL
6/10/2009 9:13:02 PM 179712 32 C:\Windows\System32\msnetobj.dll
6/10/2009 9:12:36 PM 80896 32 C:\Windows\System32\MSNP.ax
6/10/2009 9:13:36 PM 368640 32 C:\Windows\System32\mspbde40.dll
5/1/2009 3:59:35 PM 193536 32 C:\Windows\System32\msrating.dll
6/10/2009 9:13:29 PM 319488 32 C:\Windows\System32\msrd2x40.dll
6/10/2009 9:13:35 PM 344064 32 C:\Windows\System32\msrd3x40.dll
6/10/2009 9:13:39 PM 643072 32 C:\Windows\System32\msrepl40.dll
6/10/2009 9:13:23 PM 35328 32 C:\Windows\System32\msscb.dll
6/10/2009 9:13:18 PM 60416 32 C:\Windows\System32\msscntrs.dll
6/10/2009 9:12:40 PM 414208 32 C:\Windows\System32\msscp.dll
6/10/2009 9:13:18 PM 11776 32 C:\Windows\System32\msshooks.dll
6/10/2009 9:13:53 PM 231424 32 C:\Windows\System32\msshsq.dll
6/10/2009 9:13:26 PM 87040 32 C:\Windows\System32\mssitlb.dll
6/10/2009 9:13:57 PM 351744 32 C:\Windows\System32\mssph.dll
6/10/2009 9:13:57 PM 203264 32 C:\Windows\System32\mssphtb.dll
6/10/2009 9:12:55 PM 33280 32 C:\Windows\System32\mssprxy.dll
6/10/2009 9:14:09 PM 1480704 32 C:\Windows\System32\mssrch.dll
6/10/2009 9:13:17 PM 43008 32 C:\Windows\System32\msstrc.dll
6/10/2009 9:13:57 PM 670720 32 C:\Windows\System32\mssvp.dll
6/10/2009 9:13:42 PM 282624 32 C:\Windows\System32\mstext40.dll
5/1/2009 3:59:35 PM 611840 32 C:\Windows\System32\mstime.dll
6/10/2009 9:12:55 PM 84992 32 C:\Windows\System32\mstlsapi.dll
6/10/2009 9:12:54 PM 678400 32 C:\Windows\System32\mstsc.exe
6/10/2009 9:13:39 PM 2066432 32 C:\Windows\System32\mstscax.dll
6/10/2009 9:12:55 PM 163328 32 C:\Windows\System32\msutb.dll
6/10/2009 9:13:32 PM 215040 32 C:\Windows\System32\msv1_0.dll
6/10/2009 9:13:44 PM 406528 32 C:\Windows\System32\msvcp60.dll
6/10/2009 9:13:30 PM 679936 32 C:\Windows\System32\msvcrt.dll
6/10/2009 9:12:45 PM 1544704 32 C:\Windows\System32\MSVidCtl.dll
6/10/2009 9:13:20 PM 856064 32 C:\Windows\System32\mswdat10.dll
6/10/2009 9:13:06 PM 223232 32 C:\Windows\System32\mswsock.dll
6/10/2009 9:13:31 PM 618496 32 C:\Windows\System32\mswstr10.dll
6/10/2009 9:13:40 PM 454656 32 C:\Windows\System32\msxbde40.dll
6/10/2009 9:13:49 PM 1183232 32 C:\Windows\System32\msxml3.dll
6/10/2009 9:13:51 PM 1336320 32 C:\Windows\System32\msxml6.dll
6/10/2009 9:13:17 PM 310272 32 C:\Windows\System32\mtxclu.dll
6/10/2009 9:13:45 PM 805376 32 C:\Windows\System32\NaturalLanguage6.dll
6/10/2009 9:12:30 PM 19968 32 C:\Windows\System32\NcdProp.dll
6/10/2009 9:13:10 PM 204288 32 C:\Windows\System32\ncrypt.dll
6/10/2009 9:12:48 PM 445952 32 C:\Windows\System32\ncryptui.dll
6/10/2009 9:13:17 PM 467456 32 C:\Windows\System32\netapi32.dll
6/10/2009 9:12:57 PM 2225664 32 C:\Windows\System32\netcenter.dll
6/10/2009 9:12:59 PM 104448 32 C:\Windows\System32\netiohlp.dll
6/10/2009 9:13:23 PM 592896 32 C:\Windows\System32\netlogon.dll
6/10/2009 9:12:41 PM 180736 32 C:\Windows\System32\netplwiz.dll
6/10/2009 9:13:39 PM 1086464 32 C:\Windows\System32\NetProjW.dll
6/10/2009 9:13:31 PM 3174400 32 C:\Windows\System32\netshell.dll
6/10/2009 9:12:40 PM 2226688 32 C:\Windows\System32\networkexplorer.dll
6/10/2009 9:12:33 PM 39936 32 C:\Windows\System32\networkitemfactory.dll
6/10/2009 9:12:54 PM 3072000 32 C:\Windows\System32\networkmap.dll
6/10/2009 9:13:38 PM 469504 32 C:\Windows\System32\newdev.dll
6/10/2009 9:12:53 PM 74752 32 C:\Windows\System32\newdev.exe
6/10/2009 9:13:34 PM 136192 32 C:\Windows\System32\nlhtml.dll
6/10/2009 9:14:16 PM 12240896 32 C:\Windows\System32\NlsLexicons0007.dll
6/10/2009 9:14:10 PM 2644480 32 C:\Windows\System32\NlsLexicons0009.dll
6/10/2009 9:12:33 PM 82944 32 C:\Windows\System32\nslookup.exe
6/10/2009 9:13:49 PM 1202168 32 C:\Windows\System32\ntdll.dll
6/10/2009 9:13:56 PM 3601896 32 C:\Windows\System32\ntkrnlpa.exe
6/10/2009 9:12:55 PM 121344 32 C:\Windows\System32\ntmarta.dll
6/10/2009 9:13:51 PM 3549672 32 C:\Windows\System32\ntoskrnl.exe
6/10/2009 9:12:59 PM 216064 32 C:\Windows\System32\ntprint.dll
5/1/2009 3:59:35 PM 109568 32 C:\Windows\System32\occache.dll
6/10/2009 9:12:32 PM 35840 32 C:\Windows\System32\ocsetup.exe
6/10/2009 9:13:28 PM 409600 32 C:\Windows\System32\odbc32.dll
6/10/2009 9:12:29 PM 40960 32 C:\Windows\System32\odbcconf.dll
6/10/2009 9:13:01 PM 114688 32 C:\Windows\System32\odbccp32.dll
6/10/2009 9:13:04 PM 194560 32 C:\Windows\System32\offfilt.dll
6/10/2009 9:13:50 PM 1316864 32 C:\Windows\System32\ole32.dll
6/10/2009 9:13:32 PM 563712 32 C:\Windows\System32\oleaut32.dll
6/10/2009 9:12:49 PM 97792 32 C:\Windows\System32\oleprn.dll
6/10/2009 9:12:38 PM 88576 32 C:\Windows\System32\olepro32.dll
6/10/2009 9:13:07 PM 1541120 32 C:\Windows\System32\onex.dll
6/10/2009 9:13:33 PM 392170 32 C:\Windows\System32\onex.tmf
6/10/2009 9:12:44 PM 2153472 32 C:\Windows\System32\oobefldr.dll
6/10/2009 9:13:06 PM 182272 32 C:\Windows\System32\osk.exe
6/10/2009 9:13:50 PM 327168 32 C:\Windows\System32\P2PGraph.dll
6/10/2009 9:13:58 PM 644608 32 C:\Windows\System32\p2psvc.dll
6/10/2009 9:12:52 PM 464384 32 C:\Windows\System32\pcaui.dll
6/10/2009 9:13:12 PM 242176 32 C:\Windows\System32\pdh.dll
5/1/2009 3:59:33 PM 109568 32 C:\Windows\System32\PDMSetup.exe
6/10/2009 9:12:53 PM 1248768 32 C:\Windows\System32\PerfCenterCPL.dll
6/10/2009 9:12:48 PM 31744 32 C:\Windows\System32\perfdisk.dll
6/10/2009 9:13:22 PM 124928 32 C:\Windows\System32\phon.ime
6/10/2009 9:13:22 PM 425472 32 C:\Windows\System32\PhotoMetadataHandler.dll
6/10/2009 9:13:19 PM 704512 32 C:\Windows\System32\PhotoScreensaver.scr
6/10/2009 9:13:34 PM 293376 32 C:\Windows\System32\photowiz.dll
6/10/2009 9:13:12 PM 1107968 32 C:\Windows\System32\pidgenx.dll
6/10/2009 9:12:50 PM 89088 32 C:\Windows\System32\pintlgnt.ime
6/10/2009 9:12:01 PM 130560 32 C:\Windows\System32\PkgMgr.exe
5/1/2009 3:59:34 PM 46592 32 C:\Windows\System32\pngfilt.dll
6/10/2009 9:13:14 PM 1823744 32 C:\Windows\System32\pnidui.dll
6/10/2009 9:13:00 PM 181760 32 C:\Windows\System32\pnpsetup.dll
6/10/2009 9:12:48 PM 542208 32 C:\Windows\System32\pnpui.dll
6/10/2009 9:12:47 PM 58368 32 C:\Windows\System32\PnPUnattend.exe
6/10/2009 9:12:45 PM 33280 32 C:\Windows\System32\PnPutil.exe
6/10/2009 9:12:31 PM 69632 32 C:\Windows\System32\PNPXAssoc.dll
6/10/2009 9:13:21 PM 241152 32 C:\Windows\System32\PortableDeviceApi.dll
6/10/2009 9:12:35 PM 94720 32 C:\Windows\System32\PortableDeviceClassExtension.dll
6/10/2009 9:12:34 PM 160768 32 C:\Windows\System32\PortableDeviceTypes.dll
6/10/2009 9:12:54 PM 723968 32 C:\Windows\System32\powercpl.dll
6/10/2009 9:12:54 PM 98816 32 C:\Windows\System32\powrprof.dll
6/10/2009 9:13:38 PM 102816 32 C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
6/10/2009 9:13:39 PM 323952 32 C:\Windows\System32\PresentationHost.exe
6/10/2009 9:13:53 PM 41344 32 C:\Windows\System32\PresentationHostProxy.dll
6/10/2009 9:14:06 PM 779136 32 C:\Windows\System32\PresentationNative_v0300.dll
6/10/2009 9:13:43 PM 167424 32 C:\Windows\System32\PresentationSettings.exe
6/10/2009 9:12:35 PM 26112 32 C:\Windows\System32\printfilterpipelineprxy.dll
6/10/2009 9:13:32 PM 666624 32 C:\Windows\System32\printfilterpipelinesvc.exe
6/10/2009 9:13:08 PM 869888 32 C:\Windows\System32\printui.dll
6/10/2009 9:13:02 PM 551936 32 C:\Windows\System32\prnntfy.dll
6/10/2009 9:13:16 PM 153088 32 C:\Windows\System32\profsvc.dll
6/10/2009 9:13:28 PM 71680 32 C:\Windows\System32\propdefs.dll
6/10/2009 9:13:38 PM 754688 32 C:\Windows\System32\propsys.dll
6/10/2009 9:13:13 PM 50664 32 C:\Windows\System32\PSHED.DLL
6/10/2009 9:12:49 PM 293376 32 C:\Windows\System32\psisdecd.dll
6/10/2009 9:13:41 PM 217088 32 C:\Windows\System32\psisrndr.ax
6/10/2009 9:12:37 PM 166400 32 C:\Windows\System32\puiapi.dll
6/10/2009 9:13:29 PM 302592 32 C:\Windows\System32\QAGENTRT.DLL
6/10/2009 9:12:51 PM 497152 32 C:\Windows\System32\qdvd.dll
6/10/2009 9:12:48 PM 505344 32 C:\Windows\System32\qedit.dll
6/10/2009 9:13:22 PM 124928 32 C:\Windows\System32\qintlgnt.ime
6/10/2009 9:13:50 PM 758784 32 C:\Windows\System32\qmgr.dll
6/10/2009 9:13:33 PM 1314816 32 C:\Windows\System32\quartz.dll
6/10/2009 9:13:50 PM 1381376 32 C:\Windows\System32\Query.dll
6/10/2009 9:13:22 PM 124928 32 C:\Windows\System32\quick.ime
5/26/2009 5:18:34 PM 57344 32 C:\Windows\System32\QuickTime.qts
5/26/2009 5:18:34 PM 90112 32 C:\Windows\System32\QuickTimeVR.qtx
6/10/2009 9:13:47 PM 880640 32 C:\Windows\System32\RacEngn.dll
6/10/2009 9:12:28 PM 9212 32 C:\Windows\System32\RacUR.xml
6/10/2009 9:12:21 PM 153 32 C:\Windows\System32\RacUREx.xml
6/10/2009 9:12:59 PM 286720 32 C:\Windows\System32\rasapi32.dll
6/10/2009 9:12:46 PM 281088 32 C:\Windows\System32\raschap.dll
6/10/2009 9:12:34 PM 52736 32 C:\Windows\System32\rasdiag.dll
6/10/2009 9:12:34 PM 16896 32 C:\Windows\System32\rasdial.exe
6/10/2009 9:12:57 PM 825856 32 C:\Windows\System32\rasdlg.dll
6/10/2009 9:12:48 PM 642560 32 C:\Windows\System32\rasgcw.dll
6/10/2009 9:13:14 PM 262144 32 C:\Windows\System32\rasmans.dll
6/10/2009 9:12:43 PM 155136 32 C:\Windows\System32\rasmontr.dll
6/10/2009 9:12:47 PM 376832 32 C:\Windows\System32\rasplap.dll
6/10/2009 9:12:45 PM 259584 32 C:\Windows\System32\rasppp.dll
6/10/2009 9:13:00 PM 69632 32 C:\Windows\System32\rastapi.dll
6/10/2009 9:13:00 PM 244224 32 C:\Windows\System32\rastls.dll
6/10/2009 9:13:05 PM 612864 32 C:\Windows\System32\rdpencom.dll
6/10/2009 9:12:41 PM 107008 32 C:\Windows\System32\rdpwsx.dll
6/10/2009 9:13:20 PM 61952 32 C:\Windows\System32\reg.exe
6/10/2009 9:12:50 PM 67584 32 C:\Windows\System32\regapi.dll
5/1/2009 3:59:33 PM 107520 32 C:\Windows\System32\RegisterIEPKEYs.exe
6/10/2009 9:12:59 PM 107008 32 C:\Windows\System32\regsvc.dll
6/10/2009 9:12:49 PM 43520 32 C:\Windows\System32\rekeywiz.exe
6/10/2009 9:13:05 PM 340992 32 C:\Windows\System32\RelMon.dll
6/10/2009 9:13:48 PM 466944 32 C:\Windows\System32\riched20.dll
6/10/2009 9:14:05 PM 518144 32 C:\Windows\System32\RMActivate.exe
6/10/2009 9:14:05 PM 526336 32 C:\Windows\System32\RMActivate_isv.exe
6/10/2009 9:13:54 PM 347136 32 C:\Windows\System32\RMActivate_ssp.exe
6/10/2009 9:13:53 PM 346624 32 C:\Windows\System32\RMActivate_ssp_isv.exe
6/10/2009 9:12:50 PM 127488 32 C:\Windows\System32\rpchttp.dll
6/9/2009 9:57:34 PM 784896 32 C:\Windows\System32\rpcrt4.dll
6/10/2009 9:13:37 PM 550400 32 C:\Windows\System32\rpcss.dll
6/10/2009 9:12:35 PM 53248 32 C:\Windows\System32\rrinstaller.exe
6/10/2009 9:13:18 PM 241128 32 C:\Windows\System32\rsaenh.dll
6/10/2009 9:13:20 PM 38400 32 C:\Windows\System32\rtffilt.dll
6/10/2009 9:13:09 PM 36352 32 C:\Windows\System32\rtutils.dll
6/10/2009 9:12:51 PM 57344 32 C:\Windows\System32\samlib.dll
6/10/2009 9:13:33 PM 483328 32 C:\Windows\System32\samsrv.dll
6/10/2009 9:12:55 PM 245760 32 C:\Windows\System32\scansetting.dll
6/10/2009 9:12:46 PM 95232 32 C:\Windows\System32\SCardSvr.dll
6/10/2009 9:14:05 PM 928768 32 C:\Windows\System32\scavenge.dll
6/10/2009 9:12:48 PM 177152 32 C:\Windows\System32\scecli.dll
6/10/2009 9:12:49 PM 306176 32 C:\Windows\System32\scesrv.dll
6/10/2009 9:13:23 PM 268800 32 C:\Windows\System32\schannel.dll
6/10/2009 9:13:45 PM 595456 32 C:\Windows\System32\schedsvc.dll
6/10/2009 9:12:49 PM 140288 32 C:\Windows\System32\scksp.dll
6/10/2009 9:13:09 PM 180224 32 C:\Windows\System32\scrobj.dll
6/10/2009 9:13:13 PM 172032 32 C:\Windows\System32\scrrun.dll
6/10/2009 9:12:48 PM 1169408 32 C:\Windows\System32\sdclt.exe
6/10/2009 9:13:56 PM 324608 32 C:\Windows\System32\sdohlp.dll
6/10/2009 9:13:46 PM 87552 32 C:\Windows\System32\SearchFilterHost.exe
6/10/2009 9:13:58 PM 441344 32 C:\Windows\System32\SearchIndexer.exe
6/10/2009 9:13:46 PM 185344 32 C:\Windows\System32\SearchProtocolHost.exe
6/10/2009 9:13:59 PM 472064 32 C:\Windows\System32\secproc.dll
6/10/2009 9:14:03 PM 476672 32 C:\Windows\System32\secproc_isv.dll
6/10/2009 9:13:03 PM 152064 32 C:\Windows\System32\secproc_ssp.dll
6/10/2009 9:13:03 PM 152576 32 C:\Windows\System32\secproc_ssp_isv.dll
6/10/2009 9:13:01 PM 72704 32 C:\Windows\System32\secur32.dll
6/10/2009 9:12:39 PM 69632 32 C:\Windows\System32\sendmail.dll
6/10/2009 9:13:22 PM 279552 32 C:\Windows\System32\services.exe
5/1/2009 3:59:33 PM 103936 32 C:\Windows\System32\SetDepNx.exe
6/10/2009 9:13:10 PM 627200 32 C:\Windows\System32\sethc.exe
5/1/2009 3:59:33 PM 107008 32 C:\Windows\System32\SetIEInstalledDate.exe
6/10/2009 9:13:37 PM 1591296 32 C:\Windows\System32\setupapi.dll
6/10/2009 9:13:27 PM 1068032 32 C:\Windows\System32\shdocvw.dll
6/10/2009 9:13:59 PM 11584000 32 C:\Windows\System32\shell32.dll
6/10/2009 9:13:35 PM 353280 32 C:\Windows\System32\shlwapi.dll
6/10/2009 9:12:44 PM 101376 32 C:\Windows\System32\shsetup.dll
6/10/2009 9:13:15 PM 247296 32 C:\Windows\System32\shsvcs.dll
6/10/2009 9:12:45 PM 425472 32 C:\Windows\System32\shwebsvc.dll
6/10/2009 9:13:53 PM 228352 32 C:\Windows\System32\SLC.dll
6/10/2009 9:12:55 PM 777216 32 C:\Windows\System32\slcc.dll
6/10/2009 9:14:14 PM 1081344 32 C:\Windows\System32\SLCExt.dll
6/10/2009 9:12:33 PM 42496 32 C:\Windows\System32\slcinst.dll
6/10/2009 9:13:33 PM 582144 32 C:\Windows\System32\SLCommDlg.dll
6/10/2009 9:12:37 PM 185856 32 C:\Windows\System32\SLLUA.exe
6/10/2009 9:13:13 PM 92918 32 C:\Windows\System32\slmgr.vbs
6/10/2009 9:14:14 PM 3408896 32 C:\Windows\System32\SLsvc.exe
6/10/2009 9:13:29 PM 361984 32 C:\Windows\System32\SLUI.exe
6/10/2009 9:13:10 PM 60928 32 C:\Windows\System32\SLUINotify.dll
6/10/2009 9:12:29 PM 12288 32 C:\Windows\System32\slwga.dll
6/10/2009 9:13:41 PM 67584 32 C:\Windows\System32\slwmi.dll
6/10/2009 9:12:47 PM 134656 32 C:\Windows\System32\SmartcardCredentialProvider.dll
6/10/2009 9:12:34 PM 83456 32 C:\Windows\System32\SMBHelperClass.dll
6/10/2009 9:12:07 PM 705536 32 C:\Windows\System32\SmiEngine.dll
6/10/2009 9:12:41 PM 64000 32 C:\Windows\System32\smss.exe
6/10/2009 9:13:02 PM 197632 32 C:\Windows\System32\SndVol.exe
6/10/2009 9:12:46 PM 275968 32 C:\Windows\System32\SnippingTool.exe
6/10/2009 9:12:39 PM 125952 32 C:\Windows\System32\softkbd.dll
6/10/2009 9:13:45 PM 9239 32 C:\Windows\System32\spcinstrumentation.man
6/10/2009 9:13:05 PM 13312 32 C:\Windows\System32\spcmsg.dll
6/10/2009 9:13:54 PM 190464 32 C:\Windows\System32\sperror.dll
6/10/2009 9:14:00 PM 289792 32 C:\Windows\System32\spinstall.exe
6/10/2009 9:13:46 PM 160768 32 C:\Windows\System32\spoolss.dll
6/10/2009 9:13:13 PM 127488 32 C:\Windows\System32\spoolsv.exe
6/10/2009 9:13:09 PM 142336 32 C:\Windows\System32\spp.dll
6/10/2009 9:14:00 PM 112640 32 C:\Windows\System32\spreview.exe
6/10/2009 9:12:47 PM 11776 32 C:\Windows\System32\spwinsat.dll
6/10/2009 9:13:59 PM 164352 32 C:\Windows\System32\spwizui.dll
6/10/2009 9:12:25 PM 7680 32 C:\Windows\System32\spwmp.dll
6/10/2009 9:13:29 PM 524288 32 C:\Windows\System32\sqlsrv32.dll
6/10/2009 9:13:49 PM 301568 32 C:\Windows\System32\srchadmin.dll
6/10/2009 9:12:46 PM 378368 32 C:\Windows\System32\srcore.dll
6/10/2009 9:12:55 PM 122880 32 C:\Windows\System32\srvsvc.dll
6/10/2009 9:13:03 PM 586752 32 C:\Windows\System32\stobject.dll
6/10/2009 9:12:34 PM 55808 32 C:\Windows\System32\Storprop.dll
6/10/2009 9:13:36 PM 107612 32 C:\Windows\System32\StructuredQuerySchema.bin
6/10/2009 9:12:52 PM 1224192 32 C:\Windows\System32\sud.dll
6/10/2009 9:13:25 PM 311808 32 C:\Windows\System32\swprv.dll
6/10/2009 9:13:11 PM 2205184 32 C:\Windows\System32\SyncCenter.dll
6/10/2009 9:13:02 PM 103936 32 C:\Windows\System32\sysclass.dll
6/10/2009 9:14:03 PM 558080 32 C:\Windows\System32\sysmain.dll
6/10/2009 9:13:11 PM 389632 32 C:\Windows\System32\sysmon.ocx
6/10/2009 9:12:52 PM 842240 32 C:\Windows\System32\systemcpl.dll
6/10/2009 9:13:48 PM 130008 32 C:\Windows\System32\systemsf.ebd
6/10/2009 9:12:49 PM 242688 32 C:\Windows\System32\tapisrv.dll
6/10/2009 9:13:09 PM 270336 32 C:\Windows\System32\taskcomp.dll
6/10/2009 9:13:20 PM 169984 32 C:\Windows\System32\taskeng.exe
6/10/2009 9:12:47 PM 170496 32 C:\Windows\System32\tcpipcfg.dll
6/10/2009 9:12:47 PM 135168 32 C:\Windows\System32\tcpmon.dll
5/1/2009 3:59:36 PM 66560 32 C:\Windows\System32\tdc.ocx
6/10/2009 9:13:16 PM 449024 32 C:\Windows\System32\termsrv.dll
6/10/2009 9:12:39 PM 313344 32 C:\Windows\System32\thawbrkr.dll
6/10/2009 9:12:56 PM 1152000 32 C:\Windows\System32\themecpl.dll
6/10/2009 9:12:52 PM 615424 32 C:\Windows\System32\themeui.dll
6/10/2009 9:12:56 PM 714240 32 C:\Windows\System32\timedate.cpl
6/10/2009 9:12:35 PM 125952 32 C:\Windows\System32\tintlgnt.ime
6/10/2009 9:14:07 PM 1576960 32 C:\Windows\System32\tquery.dll
6/10/2009 9:12:55 PM 12288 32 C:\Windows\System32\tsbyuv.dll
6/10/2009 9:12:33 PM 63488 32 C:\Windows\System32\tscupgrd.exe
6/10/2009 9:12:31 PM 53248 32 C:\Windows\System32\tsgqec.dll
6/10/2009 9:12:47 PM 38400 32 C:\Windows\System32\TSTheme.exe
6/10/2009 9:13:17 PM 35680 32 C:\Windows\System32\TsWpfWrp.exe
6/10/2009 9:13:48 PM 203264 32 C:\Windows\System32\uDWM.dll
6/10/2009 9:13:01 PM 99840 32 C:\Windows\System32\ulib.dll
6/10/2009 9:13:20 PM 222720 32 C:\Windows\System32\umpnpmgr.dll
6/10/2009 9:12:45 PM 280064 32 C:\Windows\System32\unimdm.tsp
6/10/2009 9:13:09 PM 324096 32 C:\Windows\System32\untfs.dll
5/1/2009 3:59:34 PM 105984 32 C:\Windows\System32\url.dll
6/9/2009 9:59:34 PM 1207808 32 C:\Windows\System32\urlmon.dll
6/10/2009 9:13:33 PM 627712 32 C:\Windows\System32\user32.dll
6/10/2009 9:12:51 PM 1123840 32 C:\Windows\System32\usercpl.dll
6/10/2009 9:13:06 PM 108544 32 C:\Windows\System32\userenv.dll
6/10/2009 9:13:24 PM 502272 32 C:\Windows\System32\usp10.dll
6/10/2009 9:13:03 PM 638976 32 C:\Windows\System32\Utilman.exe
6/10/2009 9:12:56 PM 29184 32 C:\Windows\System32\uxsms.dll
5/1/2009 3:59:34 PM 420352 32 C:\Windows\System32\vbscript.dll
6/10/2009 9:12:29 PM 17408 32 C:\Windows\System32\vdmdbg.dll
6/10/2009 9:13:24 PM 385536 32 C:\Windows\System32\vds.exe
6/10/2009 9:12:59 PM 507904 32 C:\Windows\System32\vdsdyn.dll
6/10/2009 9:12:50 PM 128000 32 C:\Windows\System32\vdsutil.dll
6/10/2009 9:12:37 PM 20480 32 C:\Windows\System32\version.dll
6/10/2009 9:13:40 PM 1077248 32 C:\Windows\System32\vssapi.dll
6/10/2009 9:13:29 PM 1055232 32 C:\Windows\System32\VSSVC.exe
6/10/2009 9:13:19 PM 282624 32 C:\Windows\System32\w32time.dll
6/10/2009 9:13:21 PM 413696 32 C:\Windows\System32\wcncsvc.dll
6/10/2009 9:13:33 PM 165376 32 C:\Windows\System32\WcnNetsh.dll
6/10/2009 9:13:23 PM 1533440 32 C:\Windows\System32\wcnwiz.dll
6/10/2009 9:14:03 PM 968192 32 C:\Windows\System32\wcnwiz2.dll
6/10/2009 9:13:15 PM 1020928 32 C:\Windows\System32\wdc.dll
6/10/2009 9:12:46 PM 167424 32 C:\Windows\System32\wdmaud.drv
6/10/2009 9:12:02 PM 218624 32 C:\Windows\System32\wdscore.dll
5/1/2009 3:59:35 PM 236544 32 C:\Windows\System32\webcheck.dll
6/10/2009 9:13:41 PM 199680 32 C:\Windows\System32\WebClnt.dll
6/10/2009 9:12:57 PM 876032 32 C:\Windows\System32\wer.dll
6/10/2009 9:13:21 PM 1143296 32 C:\Windows\System32\wercon.exe
6/10/2009 9:13:03 PM 217088 32 C:\Windows\System32\WerFault.exe
6/10/2009 9:13:04 PM 860160 32 C:\Windows\System32\WerFaultSecure.exe
6/10/2009 9:13:13 PM 126976 32 C:\Windows\System32\wersvc.dll
6/10/2009 9:13:35 PM 250368 32 C:\Windows\System32\wevtapi.dll
6/10/2009 9:13:53 PM 1017856 32 C:\Windows\System32\wevtsvc.dll
6/10/2009 9:13:26 PM 163840 32 C:\Windows\System32\wevtutil.exe
5/1/2009 3:59:35 PM 66560 32 C:\Windows\System32\wextract.exe
6/10/2009 9:13:15 PM 208966 32 C:\Windows\System32\WFP.TMF
6/10/2009 9:12:46 PM 31232 32 C:\Windows\System32\whealogr.dll
6/10/2009 9:12:45 PM 547840 32 C:\Windows\System32\wiaaut.dll
6/10/2009 9:13:02 PM 453120 32 C:\Windows\System32\wiaservc.dll
6/9/2009 9:52:30 PM 2034688 32 C:\Windows\System32\win32k.sys
6/10/2009 9:13:33 PM 443392 32 C:\Windows\System32\win32spl.dll
6/10/2009 9:13:40 PM 1524736 32 C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
6/10/2009 9:13:22 PM 712704 32 C:\Windows\System32\WindowsCodecs.dll
6/10/2009 9:13:09 PM 347648 32 C:\Windows\System32\WindowsCodecsExt.dll
5/1/2009 3:59:35 PM 208384 32 C:\Windows\System32\WinFXDocObj.exe
6/10/2009 9:13:31 PM 375808 32 C:\Windows\System32\winhttp.dll
6/9/2009 9:59:34 PM 915456 32 C:\Windows\System32\wininet.dll
6/10/2009 9:13:49 PM 986600 32 C:\Windows\System32\winload.exe
6/10/2009 9:13:11 PM 314368 32 C:\Windows\System32\winlogon.exe
6/10/2009 9:13:05 PM 189952 32 C:\Windows\System32\winmm.dll
6/10/2009 9:13:28 PM 926184 32 C:\Windows\System32\winresume.exe
6/10/2009 9:12:28 PM 19968 32 C:\Windows\System32\winrnr.dll
6/10/2009 9:13:43 PM 3217408 32 C:\Windows\System32\WinSAT.exe
6/10/2009 9:13:05 PM 115712 32 C:\Windows\System32\WinSCard.dll
6/10/2009 9:13:12 PM 258048 32 C:\Windows\System32\winspool.drv
6/10/2009 9:13:07 PM 375808 32 C:\Windows\System32\winsrv.dll
6/10/2009 9:13:09 PM 244224 32 C:\Windows\System32\wisptis.exe
6/10/2009 9:14:03 PM 2499629 32 C:\Windows\System32\wlan.tmf
6/10/2009 9:13:00 PM 399360 32 C:\Windows\System32\wlangpui.dll
6/10/2009 9:12:53 PM 68096 32 C:\Windows\System32\wlanhlp.dll
6/10/2009 9:12:44 PM 293376 32 C:\Windows\System32\wlanmsm.dll
6/10/2009 9:12:50 PM 1671680 32 C:\Windows\System32\wlanpref.dll
6/10/2009 9:13:00 PM 514048 32 C:\Windows\System32\wlansvc.dll
6/10/2009 9:12:45 PM 202752 32 C:\Windows\System32\wlanui.dll
6/10/2009 9:13:23 PM 287744 32 C:\Windows\System32\Wldap32.dll
6/10/2009 9:12:42 PM 83456 32 C:\Windows\System32\wlgpclnt.dll
6/10/2009 9:12:43 PM 533504 32 C:\Windows\System32\wmdrmsdk.dll
6/10/2009 9:13:16 PM 343040 32 C:\Windows\System32\wmicmiplugin.dll
6/10/2009 9:13:19 PM 996352 32 C:\Windows\System32\WMNetMgr.dll
6/10/2009 9:13:52 PM 10624512 32 C:\Windows\System32\wmp.dll
6/10/2009 9:12:41 PM 303616 32 C:\Windows\System32\wmpeffects.dll
6/10/2009 9:13:41 PM 321536 32 C:\Windows\System32\WMPhoto.dll
6/10/2009 9:12:25 PM 8147456 32 C:\Windows\System32\wmploc.DLL
6/10/2009 9:13:11 PM 867328 32 C:\Windows\System32\wmpmde.dll
6/10/2009 9:13:52 PM 2386944 32 C:\Windows\System32\WMVCORE.DLL
6/10/2009 9:12:59 PM 1575936 32 C:\Windows\System32\WMVENCOD.DLL
6/10/2009 9:13:22 PM 1382912 32 C:\Windows\System32\WMVSDECD.DLL
6/10/2009 9:12:45 PM 657408 32 C:\Windows\System32\WMVXENCD.DLL
6/10/2009 9:13:06 PM 273920 32 C:\Windows\System32\wow32.dll
6/10/2009 9:12:50 PM 532992 32 C:\Windows\System32\wpcao.dll
6/10/2009 9:12:58 PM 1580544 32 C:\Windows\System32\wpccpl.dll
6/10/2009 9:12:40 PM 140288 32 C:\Windows\System32\wpcsvc.dll
6/10/2009 9:12:40 PM 33280 32 C:\Windows\System32\wscapi.dll
6/10/2009 9:14:03 PM 291328 32 C:\Windows\System32\WscEapPr.dll
6/10/2009 9:12:49 PM 17920 32 C:\Windows\System32\wscisvif.dll
6/10/2009 9:13:00 PM 223744 32 C:\Windows\System32\wscntfy.dll
6/10/2009 9:13:01 PM 155648 32 C:\Windows\System32\wscript.exe
6/10/2009 9:12:59 PM 61440 32 C:\Windows\System32\wscsvc.dll
6/10/2009 9:12:48 PM 1689600 32 C:\Windows\System32\wscui.cpl
6/10/2009 9:13:22 PM 355328 32 C:\Windows\System32\WSDApi.dll
6/10/2009 9:12:35 PM 20992 32 C:\Windows\System32\wsdchngr.dll
6/10/2009 9:12:41 PM 177664 32 C:\Windows\System32\WSDMon.dll
6/10/2009 9:13:03 PM 29184 32 C:\Windows\System32\wsepno.dll
6/10/2009 9:12:37 PM 34304 32 C:\Windows\System32\wshbth.dll
6/10/2009 9:12:58 PM 90112 32 C:\Windows\System32\wshext.dll
6/10/2009 9:12:55 PM 135168 32 C:\Windows\System32\wshom.ocx
6/10/2009 9:13:25 PM 747008 32 C:\Windows\System32\WsmSvc.dll
6/10/2009 9:12:56 PM 50688 32 C:\Windows\System32\wsnmp32.dll
6/10/2009 9:12:58 PM 140800 32 C:\Windows\System32\wusa.exe
6/10/2009 9:13:30 PM 56320 32 C:\Windows\System32\xmlfilter.dll
6/10/2009 9:12:58 PM 342528 32 C:\Windows\System32\zipfldr.dll
====== Files under "\Administrator\Startup" Last 60 Days======
====== Files under "\All Users\Startup" Last 60 Days======
====== Files and Folders under "\Program Files" Last 60 Days======
4/26/2009 1:11:20 PM 321781 C:\Program Files\ESPN
6/8/2009 9:53:11 PM 1371695 C:\Program Files\iPod
6/3/2009 12:08:16 AM 3335 C:\Program Files\iPod(104)
6/18/2009 10:52:22 PM 41346795 C:\Program Files\Linksys
6/3/2009 12:05:49 AM 54284712 C:\Program Files\QuickTime(134)
5/6/2009 5:59:28 PM 1058 C:\Program Files\UltraVNC
5/21/2009 7:26:56 AM 2363937 C:\Program Files\Walmart MP3 Music Downloads
====== Files under "\System32\Drivers" Last 60 Days======
6/10/2009 9:13:13 PM 265688 32 C:\Windows\System32\drivers\acpi.sys
6/10/2009 9:12:46 PM 273920 32 C:\Windows\System32\drivers\afd.sys
6/10/2009 9:13:05 PM 19944 32 C:\Windows\System32\drivers\atapi.sys
6/10/2009 9:13:13 PM 109032 32 C:\Windows\System32\drivers\ataport.sys
6/10/2009 9:12:26 PM 93696 32 C:\Windows\System32\drivers\bridge.sys
6/10/2009 9:12:31 PM 67072 32 C:\Windows\System32\drivers\cdrom.sys
6/10/2009 9:13:15 PM 125928 32 C:\Windows\System32\drivers\Classpnp.sys
6/10/2009 9:13:13 PM 35304 32 C:\Windows\System32\drivers\crashdmp.sys
6/10/2009 9:12:32 PM 75264 32 C:\Windows\System32\drivers\dfsc.sys
6/10/2009 9:13:10 PM 53736 32 C:\Windows\System32\drivers\disk.sys
6/10/2009 9:12:29 PM 19456 32 C:\Windows\System32\drivers\Diskdump.sys
6/10/2009 9:13:07 PM 27624 32 C:\Windows\System32\drivers\Dumpata.sys
6/10/2009 9:12:29 PM 76288 32 C:\Windows\System32\drivers\dxg.sys
6/10/2009 9:13:35 PM 626176 32 C:\Windows\System32\drivers\dxgkrnl.sys
6/10/2009 9:13:08 PM 141288 32 C:\Windows\System32\drivers\ecache.sys
6/10/2009 9:12:49 PM 136704 32 C:\Windows\System32\drivers\exfat.sys
6/10/2009 9:12:42 PM 142848 32 C:\Windows\System32\drivers\fastfat.sys
6/10/2009 9:13:08 PM 190424 32 C:\Windows\System32\drivers\fltMgr.sys
6/10/2009 9:13:08 PM 99816 32 C:\Windows\System32\drivers\FWPKCLNT.SYS
6/10/2009 9:14:05 PM 561152 32 C:\Windows\System32\drivers\hdaudbus.sys
6/10/2009 9:12:33 PM 39424 32 C:\Windows\System32\drivers\hidclass.sys
6/10/2009 9:12:38 PM 12800 32 C:\Windows\System32\drivers\hidusb.sys
6/10/2009 9:13:01 PM 401408 32 C:\Windows\System32\drivers\http.sys
6/10/2009 9:12:52 PM 17408 32 C:\Windows\System32\drivers\kbdhid.sys
6/10/2009 9:12:54 PM 149504 32 C:\Windows\System32\drivers\ks.sys
6/10/2009 9:13:13 PM 439784 32 C:\Windows\System32\drivers\ksecdd.sys
6/10/2009 9:13:30 PM 114688 32 C:\Windows\System32\drivers\mrxdav.sys
6/10/2009 9:13:03 PM 105984 32 C:\Windows\System32\drivers\mrxsmb.sys
6/10/2009 9:13:14 PM 212992 32 C:\Windows\System32\drivers\mrxsmb10.sys
6/10/2009 9:12:59 PM 79360 32 C:\Windows\System32\drivers\mrxsmb20.sys
6/10/2009 9:13:21 PM 180712 32 C:\Windows\System32\drivers\msiscsi.sys
6/10/2009 9:13:08 PM 161752 32 C:\Windows\System32\drivers\msrpc.sys
6/10/2009 9:13:10 PM 48104 32 C:\Windows\System32\drivers\mup.sys
6/10/2009 9:13:18 PM 527848 32 C:\Windows\System32\drivers\ndis.sys
6/10/2009 9:12:36 PM 121344 32 C:\Windows\System32\drivers\ndiswan.sys
6/10/2009 9:13:05 PM 185856 32 C:\Windows\System32\drivers\netbt.sys
6/10/2009 9:13:30 PM 223208 32 C:\Windows\System32\drivers\netio.sys
6/10/2009 9:12:45 PM 35328 32 C:\Windows\System32\drivers\npfs.sys
6/10/2009 9:13:42 PM 1083880 32 C:\Windows\System32\drivers\ntfs.sys
6/10/2009 9:12:31 PM 148480 32 C:\Windows\System32\drivers\nwifi.sys
6/10/2009 9:12:44 PM 72192 32 C:\Windows\System32\drivers\pacer.sys
6/10/2009 9:13:12 PM 54248 32 C:\Windows\System32\drivers\partmgr.sys
6/10/2009 9:13:15 PM 149480 32 C:\Windows\System32\drivers\pci.sys
6/10/2009 9:13:08 PM 14312 32 C:\Windows\System32\drivers\pciide.sys
6/10/2009 9:13:09 PM 43496 32 C:\Windows\System32\drivers\pciidex.sys
6/18/2009 11:51:04 PM 24888 32 C:\Windows\System32\drivers\pnarp.sys
6/10/2009 9:12:47 PM 167936 32 C:\Windows\System32\drivers\portcls.sys
6/18/2009 11:51:00 PM 26424 32 C:\Windows\System32\drivers\purendis.sys
6/10/2009 9:12:25 PM 41472 32 C:\Windows\System32\drivers\raspppoe.sys
6/10/2009 9:12:33 PM 69120 32 C:\Windows\System32\drivers\rassstp.sys
6/10/2009 9:13:31 PM 225280 32 C:\Windows\System32\drivers\rdbss.sys
6/10/2009 9:12:36 PM 180736 32 C:\Windows\System32\drivers\rdpwd.sys
6/10/2009 9:12:40 PM 113664 32 C:\Windows\System32\drivers\rmcast.sys
6/10/2009 9:12:26 PM 33280 32 C:\Windows\System32\drivers\RNDISMP.sys
6/10/2009 9:12:38 PM 66560 32 C:\Windows\System32\drivers\smb.sys
6/10/2009 9:14:07 PM 684032 32 C:\Windows\System32\drivers\spsys.sys
6/10/2009 9:13:19 PM 288768 32 C:\Windows\System32\drivers\srv.sys
6/10/2009 9:13:13 PM 144896 32 C:\Windows\System32\drivers\srv2.sys
6/10/2009 9:13:01 PM 98816 32 C:\Windows\System32\drivers\srvnet.sys
6/10/2009 9:13:13 PM 122344 32 C:\Windows\System32\drivers\Storport.sys
6/10/2009 9:12:27 PM 52992 32 C:\Windows\System32\drivers\stream.sys
6/10/2009 9:13:47 PM 897000 32 C:\Windows\System32\drivers\tcpip.sys
6/10/2009 9:12:46 PM 30720 32 C:\Windows\System32\drivers\tcpipreg.sys
6/10/2009 9:12:44 PM 72192 32 C:\Windows\System32\drivers\tdx.sys
6/10/2009 9:13:13 PM 53224 32 C:\Windows\System32\drivers\termdd.sys
6/10/2009 9:12:38 PM 226816 32 C:\Windows\System32\drivers\udfs.sys
6/10/2009 9:12:25 PM 15872 32 C:\Windows\System32\drivers\usb8023.sys
6/10/2009 9:12:46 PM 25856 32 C:\Windows\System32\drivers\USBCAMD.sys
6/10/2009 9:12:46 PM 25856 32 C:\Windows\System32\drivers\USBCAMD2.sys
6/10/2009 9:12:57 PM 39936 32 C:\Windows\System32\drivers\usbehci.sys
6/10/2009 9:13:27 PM 196096 32 C:\Windows\System32\drivers\usbhub.sys
6/10/2009 9:12:25 PM 19456 32 C:\Windows\System32\drivers\usbohci.sys
6/10/2009 9:13:19 PM 226304 32 C:\Windows\System32\drivers\usbport.sys
6/10/2009 9:13:28 PM 65536 32 C:\Windows\System32\drivers\USBSTOR.SYS
6/10/2009 9:13:09 PM 292840 32 C:\Windows\System32\drivers\volmgrx.sys
6/10/2009 9:13:08 PM 226280 32 C:\Windows\System32\drivers\volsnap.sys
6/10/2009 9:12:39 PM 33280 32 C:\Windows\System32\drivers\watchdog.sys
====== Files Deleted under "%Temp%" ======
553 Files deleted
====== Files and Folders under "All Users\Application Data" Last 60 Days======
====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Aim6
HKLM\Software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ccApp
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DivX Free Codec
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ECenter
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKLM\Software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKLM\Software\microsoft\shared tools\msconfig\startupreg\LELA
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
HKLM\Software\microsoft\shared tools\msconfig\startupreg\nmctxth
HKLM\Software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKLM\Software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
HKLM\Software\microsoft\shared tools\msconfig\startupreg\NvSvc
HKLM\Software\microsoft\shared tools\msconfig\startupreg\osCheck
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKLM\Software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKLM\Software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Skype
HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKLM\Software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Windows Defender
HKLM\Software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter
HKLM\Software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
====== Services ( Services that are Whitelisted are not shown) ======
adp94xx (adp94xx)- C:\Windows\system32\drivers\adp94xx.sys - Disabled/Stopped
adpahci (adpahci)- C:\Windows\system32\drivers\adpahci.sys - Disabled/Stopped
Afc (PPdus ASPI Shell)- C:\Windows\system32\drivers\Afc.sys - Manual/Running
amdide (amdide)- C:\Windows\system32\drivers\amdide.sys - Disabled/Stopped
arcsas (arcsas)- C:\Windows\system32\drivers\arcsas.sys - Disabled/Stopped
BCM43XV (Broadcom Extensible 802.11 Network Adapter Driver)- C:\Windows\system32\DRIVERS\bcmwl6.sys - Manual/Running
bowser (Bowser)- C:\Windows\system32\DRIVERS\bowser.sys - Manual/Running
BrFiltLo (Brother USB Mass-Storage Lower Filter Driver)- C:\Windows\system32\drivers\brfiltlo.sys - Manual/Stopped
BrFiltUp (Brother USB Mass-Storage Upper Filter Driver)- C:\Windows\system32\drivers\brfiltup.sys - Manual/Stopped
Brserid (Brother MFC Serial Port Interface Driver (WDM))- C:\Windows\system32\drivers\brserid.sys - Disabled/Stopped
BrSerWdm (Brother WDM Serial driver)- C:\Windows\system32\drivers\brserwdm.sys - Disabled/Stopped
BrUsbMdm (Brother MFC USB Fax Only Modem)- C:\Windows\system32\drivers\brusbmdm.sys - Disabled/Stopped
BrUsbSer (Brother MFC USB Serial WDM Driver)- C:\Windows\system32\drivers\brusbser.sys - Manual/Stopped
circlass (Consumer IR Devices)- C:\Windows\system32\drivers\circlass.sys - Disabled/Stopped
CLFS (Common Log (CLFS))- C:\Windows\system32\CLFS.sys - Boot/Running
Crusoe (Transmeta Crusoe Processor Driver)- C:\Windows\system32\drivers\crusoe.sys - Disabled/Stopped
DfsC (DFS Namespace Client Driver)- C:\Windows\system32\Drivers\dfsc.sys - System/Running
DLABMFSM (DLABMFSM)- C:\Windows\system32\DLA\DLABMFSM.SYS - Auto/Running
DLABOIOM (DLABOIOM)- C:\Windows\system32\DLA\DLABOIOM.SYS - Auto/Running
DLACDBHM (DLACDBHM)- C:\Windows\system32\Drivers\DLACDBHM.SYS - System/Running
DLADResM (DLADResM)- C:\Windows\system32\DLA\DLADResM.SYS - Auto/Running
DLAIFS_M (DLAIFS_M)- C:\Windows\system32\DLA\DLAIFS_M.SYS - Auto/Running
DLAOPIOM (DLAOPIOM)- C:\Windows\system32\DLA\DLAOPIOM.SYS - Auto/Running
DLAPoolM (DLAPoolM)- C:\Windows\system32\DLA\DLAPoolM.SYS - Auto/Running
DLARTL_M (DLARTL_M)- C:\Windows\system32\Drivers\DLARTL_M.SYS - System/Running
DLAUDFAM (DLAUDFAM)- C:\Windows\system32\DLA\DLAUDFAM.SYS - Auto/Running
DLAUDF_M (DLAUDF_M)- C:\Windows\system32\DLA\DLAUDF_M.SYS - Auto/Running
DRVMCDB (DRVMCDB)- C:\Windows\system32\Drivers\DRVMCDB.SYS - Boot/Running
DRVNDDM (DRVNDDM)- C:\Windows\system32\Drivers\DRVNDDM.SYS - Auto/Running
DXGKrnl (LDDM Graphics Subsystem)- C:\Windows\system32\drivers\dxgkrnl.sys - Manual/Running
e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver)- C:\Windows\system32\DRIVERS\e1e6032.sys - Manual/Stopped
E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver)- C:\Windows\system32\DRIVERS\E1G60I32.sys - Manual/Stopped
Ecache (ReadyBoost Caching Driver)- C:\Windows\system32\drivers\ecache.sys - Boot/Running
elxstor (elxstor)- C:\Windows\system32\drivers\elxstor.sys - Disabled/Stopped
FileInfo (File Information FS MiniFilter)- C:\Windows\system32\drivers\fileinfo.sys - Boot/Running
Filetrace (FileTrace)- C:\Windows\system32\drivers\filetrace.sys - Manual/Stopped
gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms)- C:\Windows\system32\drivers\gagp30kx.sys - Manual/Stopped
HidBth (Microsoft Bluetooth HID Miniport)- C:\Windows\system32\drivers\hidbth.sys - Disabled/Stopped
HidIr (Microsoft Infrared HID Driver)- C:\Windows\system32\drivers\hidir.sys - Disabled/Stopped
HpCISSs (HpCISSs)- C:\Windows\system32\drivers\hpcisss.sys - Disabled/Stopped
iaStorV (Intel RAID Controller Vista)- C:\Windows\system32\drivers\iastorv.sys - Disabled/Stopped
IPMIDRV (IPMIDRV)- C:\Windows\system32\drivers\ipmidrv.sys - Disabled/Stopped
iScsiPrt (iScsiPort Driver)- C:\Windows\system32\DRIVERS\msiscsi.sys - Manual/Running
iteatapi (ITEATAPI_Service_Install)- C:\Windows\system32\drivers\iteatapi.sys - Disabled/Stopped
iteraid (ITERAID_Service_Install)- C:\Windows\system32\drivers\iteraid.sys - Disabled/Stopped
lltdio (Link-Layer Topology Discovery Mapper I/O Driver)- C:\Windows\system32\DRIVERS\lltdio.sys - Auto/Running
LSI_FC (LSI_FC)- C:\Windows\system32\drivers\lsi_fc.sys - Disabled/Stopped
LSI_SAS (LSI_SAS)- C:\Windows\system32\drivers\lsi_sas.sys - Disabled/Stopped
LSI_SCSI (LSI_SCSI)- C:\Windows\system32\drivers\lsi_scsi.sys - Disabled/Stopped
luafv (UAC File Virtualization)- C:\Windows\system32\drivers\luafv.sys - Auto/Running
megasas (megasas)- C:\Windows\system32\drivers\megasas.sys - Disabled/Stopped
mozyFilter (mozyFilter)- C:\Windows\system32\DRIVERS\mozy.sys - System/Running
mpio (Microsoft Multi-Path Bus Driver)- C:\Windows\system32\drivers\mpio.sys - Disabled/Stopped
mpsdrv (Windows Firewall Authorization Driver)- C:\Windows\system32\drivers\mpsdrv.sys - Manual/Running
mrxsmb10 (SMB 1.x MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb10.sys - Manual/Running
mrxsmb20 (SMB 2.0 MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb20.sys - Manual/Running
msahci (msahci)- C:\Windows\system32\drivers\msahci.sys - Disabled/Stopped
msdsm (Microsoft Multi-Path Device Specific Module)- C:\Windows\system32\drivers\msdsm.sys - Disabled/Stopped
msisadrv (ISA/EISA Class Driver)- C:\Windows\system32\drivers\msisadrv.sys - Boot/Running
MsRPC (MsRPC)- C:\Windows\system32\drivers\MsRPC.sys - Manual/Stopped
MUSTechVIDCAP (ADS DVD XPRESS DX2)- C:\Windows\system32\drivers\musgostrm.sys - Manual/Stopped
NativeWifiP (NativeWiFi Filter)- C:\Windows\system32\DRIVERS\nwifi.sys - Manual/Running
nfrd960 (nfrd960)- C:\Windows\system32\drivers\nfrd960.sys - Disabled/Stopped
nsiproxy (NSI proxy service)- C:\Windows\system32\drivers\nsiproxy.sys - System/Running
ntrigdigi (N-trig HID Tablet Driver)- C:\Windows\system32\drivers\ntrigdigi.sys - Disabled/Stopped
nvlddmkm (nvlddmkm)- C:\Windows\system32\DRIVERS\nvlddmkm.sys - Manual/Running
nvrd32 (NVIDIA nForce RAID Driver)- C:\Windows\system32\drivers\nvrd32.sys - Disabled/Stopped
nvstor (nvstor)- C:\Windows\system32\drivers\nvstor.sys - Disabled/Stopped
nvstor32 (nvstor32)- C:\Windows\system32\drivers\nvstor32.sys - Boot/Running
PEAUTH (PEAUTH)- C:\Windows\system32\drivers\peauth.sys - Auto/Running
pnarp (Pure Networks Device Discovery Driver)- C:\Windows\system32\DRIVERS\pnarp.sys - Auto/Running
purendis (Pure Networks Wireless Driver)- C:\Windows\system32\DRIVERS\purendis.sys - Auto/Running
ql2300 (QLogic Fibre Channel Miniport Driver)- C:\Windows\system32\drivers\ql2300.sys - Disabled/Stopped
ql40xx (QLogic iSCSI Miniport Driver)- C:\Windows\system32\drivers\ql40xx.sys - Disabled/Stopped
QWAVEdrv (QWAVE driver)- C:\Windows\system32\drivers\qwavedrv.sys - Manual/Stopped
R300 (R300)- C:\Windows\system32\DRIVERS\atikmdag.sys - Manual/Stopped
RDPENCDD (RDP Encoder Mirror Driver)- C:\Windows\system32\drivers\rdpencdd.sys - System/Running
rspndr (Link-Layer Topology Discovery Responder)- C:\Windows\system32\DRIVERS\rspndr.sys - Auto/Running
sbp2port (SBP-2 Transport/Protocol Bus Driver)- C:\Windows\system32\drivers\sbp2port.sys - Disabled/Stopped
sermouse (Serial Mouse Driver)- C:\Windows\system32\drivers\sermouse.sys - Disabled/Stopped
sffdisk (SFF Storage Class Driver)- C:\Windows\system32\drivers\sffdisk.sys - Disabled/Stopped
sffp_mmc (SFF Storage Protocol Driver for MMC)- C:\Windows\system32\drivers\sffp_mmc.sys - Manual/Stopped
sffp_sd (SFF Storage Protocol Driver for SDBus)- C:\Windows\system32\drivers\sffp_sd.sys - Manual/Stopped
SiSRaid2 (SiSRaid2)- C:\Windows\system32\drivers\sisraid2.sys - Disabled/Stopped
SiSRaid4 (SiSRaid4)- C:\Windows\system32\drivers\sisraid4.sys - Disabled/Stopped
spldr (Security Processor Loader Driver)- C:\Windows\system32\drivers\spldr.sys - Boot/Running
srv2 (srv2)- C:\Windows\system32\DRIVERS\srv2.sys - Manual/Running
srvnet (srvnet)- C:\Windows\system32\DRIVERS\srvnet.sys - Manual/Running
Tcpip6 (Microsoft IPv6 Protocol Driver)- C:\Windows\system32\DRIVERS\tcpip.sys - Manual/Stopped
tcpipreg (TCP/IP Registry Compatibility)- C:\Windows\system32\drivers\tcpipreg.sys - Auto/Running
tdx (NetIO Legacy TDI Support Driver)- C:\Windows\system32\DRIVERS\tdx.sys - System/Running
tmcfw (Trend Micro Common Firewall Service)- C:\Windows\system32\DRIVERS\TM_CFW.sys - Manual/Running
TmFilter (Trend Micro Filter)- \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys - Auto/Running
TmPreFilter (Trend Micro PreFilter)- \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys - Auto/Running
tmtdi (Trend Micro TDI Driver)- C:\Windows\system32\DRIVERS\tmtdi.sys - System/Running
tssecsrv (Terminal Services Security Filter Driver)- C:\Windows\system32\DRIVERS\tssecsrv.sys - Manual/Stopped
tunmp (Microsoft Tun Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunmp.sys - Manual/Running
tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunnel.sys - Manual/Running
uagp35 (Microsoft AGPv3.5 Filter)- C:\Windows\system32\drivers\uagp35.sys - Manual/Stopped
uliagpkx (Uli AGP Bus Filter)- C:\Windows\system32\drivers\uliagpkx.sys - Manual/Stopped
uliahci (uliahci)- C:\Windows\system32\drivers\uliahci.sys - Disabled/Stopped
UlSata (UlSata)- C:\Windows\system32\drivers\ulsata.sys - Disabled/Stopped
ulsata2 (ulsata2)- C:\Windows\system32\drivers\ulsata2.sys - Disabled/Stopped
umbus (UMBus Enumerator Driver)- C:\Windows\system32\DRIVERS\umbus.sys - Manual/Running
usbcir (eHome Infrared Receiver (USBCIR))- C:\Windows\system32\drivers\usbcir.sys - Disabled/Stopped
ViaC7 (VIA C7 Processor Driver)- C:\Windows\system32\drivers\viac7.sys - Disabled/Stopped
volmgr (Volume Manager Driver)- C:\Windows\system32\drivers\volmgr.sys - Boot/Running
volmgrx (Dynamic Volume Manager)- C:\Windows\system32\drivers\volmgrx.sys - Boot/Running
VSApiNt (Trend Micro VSAPI NT)- \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys - Auto/Running
vsmraid (vsmraid)- C:\Windows\system32\drivers\vsmraid.sys - Disabled/Stopped
WacomPen (Wacom Serial Pen HID Driver)- C:\Windows\system32\drivers\wacompen.sys - Disabled/Stopped
Wanarpv6 (Remote Access IPv6 ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - System/Running
Wdf01000 (Kernel Mode Driver Frameworks service)- C:\Windows\system32\drivers\Wdf01000.sys - Boot/Running
WmiAcpi (Microsoft Windows Management Interface for ACPI)- C:\Windows\system32\drivers\wmiacpi.sys - Disabled/Stopped
WpdUsb (WpdUsb)- C:\Windows\system32\DRIVERS\wpdusb.sys - Manual/Stopped
====== Uninstall List ======
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
ADS Tech Master Installer V3.8
ADS Tech V3.8 DVD Xpress DX2 CapWiz
AIM 6
Audacity 1.2.6
Bid Manager 6.1
Data Access Objects (DAO) 3.5
DivX Free Codec
Canon Utilities Easy-PhotoPrint
ESPN BottomLine
Microsoft Flight Simulator 2004 A Century of Flight
FLV Player 2.0 (build 25)
HijackThis 2.0.2
Linksys EasyLink Advisor
NVIDIANetworkDiagnostic
Security Update for CAPICOM (KB931906)
LimeWire 5.1.3
Microsoft .NET Framework 3.5 SP1
Mozilla Firefox (2.0.0.14)
NVIDIA Drivers
Trend Micro OfficeScan Client
Oregon Trail(R) 5
RealPlayer
Microsoft Office Standard 2007
TomTom HOME 2.6.2.1586
Viewpoint Media Player
Walmart MP3 Music Downloads
WeatherBug
AT&T Yahoo! Internet Mail
Roxio Creator Tools
Bonjour
Roxio Creator Data
Security Update for CAPICOM (KB931906)
AutoUpdate
Roxio Drag-to-Disc
Roxio Update Manager
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Sonic Activation Module
MSXML 4.0 SP2 (KB927978)
iTunes
Roxio Creator Copy
Roxio Express Labeler
Apple Software Update
Windows Media Player Firefox Plugin
Microsoft Visual C++ 2005 Redistributable
DivX Codec
Linksys EasyLink Advisor
Apple Mobile Device Support
Roxio Creator Audio
MSXML 4.0 SP2 (KB954430)
Roxio Creator BDAV Plugin
Microsoft Silverlight
DivX Player
Ulead Straight-to-Disc SDK
TomTom HOME Visual Studio Merge Modules
Microsoft Office Excel MUI (English) 2007
Update for Microsoft Office Excel 2007 Help (KB963678)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Microsoft Office Outlook MUI (English) 2007
Update for Microsoft Office Outlook 2007 Help (KB963677)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Word MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Update for Microsoft Office Word 2007 Help (KB963665)
Microsoft Office Proof (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proof (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Standard 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for 2007 Microsoft Office System (KB969559)
Update for Microsoft Office Outlook 2007 (KB969907)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Excel 2007 (KB969682)
Update for 2007 Microsoft Office System (KB967642)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Word 2007 (KB969604)
Update for Outlook 2007 Junk Email Filter (kb970012)
Pure Networks Platform
Google Update Helper
Adobe Reader 8.1.5
KB408682
Spelling Dictionaries Support For Adobe Reader 8
DivX Converter
MozyHome Remote Backup
DivX Web Player
Canon PhotoRecord
MSXML 4.0 SP2 (KB936181)
WebEx Support Manager for Internet Explorer
MSXML 4.0 SP2 (KB941833)
QuickTime
ArcSoft ShowBiz DVD 2
Roxio Creator DE
Google Earth
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Roxio MyDVD DE
MobileMe Control Panel
Adobe Flash Player 10 Plugin
NVIDIANetworkDiagnostic
Realtek High Definition Audio Driver
======== Other Info ========
TOTAL PHYSICAL RAM: 2078 MB
Boot Info
OS Type: Microsoft® Windows Vista™ Home Premium
Build: 6.0.6002
Service Pack: 2.0
====== Files with Hidden Attributes======
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Boot\bootstat.dat
==End of Report==
bamajim
10.4K Posts
0
June 23rd, 2009 07:00
You have a couple of suspicious files I would like to look at.
Please go HERE
Put your name and "Dell HJT forum", and in the "File to submit" box, click Browse.
Using Windows Explorer
Locate the file:
In the comments, tell them that I asked you to upload the file.
In the next box, select Browse and repeat the process for this file as well.
Locate the file:
In the comments, tell them that I asked you to upload the file.
Then select Send File.
kstater
8 Posts
0
June 24th, 2009 19:00
Bamajim,
I was unable to locate either file in Windows Explorer. Please advise!
Kyle
bamajim
10.4K Posts
0
June 25th, 2009 07:00
Let's do it this way.
Please download Combofix and save to your desktop:
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.
kstater
8 Posts
0
June 25th, 2009 17:00
Bamajim,
Here's the log:
ComboFix 09-06-25.01 - Kyle 06/25/2009 17:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1130 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Trend Micro OfficeScan Anti-spyware *enabled* (Updated) {6D124117-24A2-4555-BD42-A763D52CFEB2}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ebptuo\ATIDLL_tjozf.dll
c:\windows\system32\ebptuo\AWTKernel32_nvezu.dll
c:\windows\system32\ebptuo\mca_fxcim.dll
c:\windows\system32\ebptuo\mcmsg_wlaum.dll
c:\windows\system32\ebptuo\mcy_oqcpp.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.
2009-06-25 23:02 . 2009-06-25 23:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-19 04:51 . 2008-04-09 05:14 24888 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-06-19 04:51 . 2008-04-09 05:14 26424 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-06-19 04:50 . 2009-06-19 04:50 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-06-19 04:43 . 2009-06-19 04:51 -------- d-----w- c:\programdata\Pure Networks
2009-06-19 03:58 . 2009-06-19 03:58 -------- d-----w- c:\users\Kyle\AppData\Local\Linksys_LLC_-_A_Division_
2009-06-19 03:56 . 2009-06-19 03:56 -------- d-----w- c:\programdata\webex
2009-06-19 03:55 . 2009-06-19 03:58 -------- d-----w- c:\programdata\Linksys
2009-06-19 03:52 . 2009-06-19 04:50 -------- d-----w- c:\program files\Linksys
2009-06-11 03:05 . 2009-06-11 03:05 -------- d-----w- c:\windows\system32\ca-ES
2009-06-11 03:05 . 2009-06-11 03:05 -------- d-----w- c:\windows\system32\eu-ES
2009-06-11 03:05 . 2009-06-11 03:05 -------- d-----w- c:\windows\system32\vi-VN
2009-06-11 02:15 . 2009-06-11 02:15 -------- d-----w- c:\windows\system32\EventProviders
2009-06-11 02:13 . 2009-04-11 06:32 438744 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-06-11 02:12 . 2009-04-11 06:28 61440 ----a-w- c:\windows\system32\wscsvc.dll
2009-06-11 02:11 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-10 02:59 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 02:59 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 02:59 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 02:57 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 02:52 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-09 02:53 . 2009-06-09 02:53 -------- d-----w- c:\program files\iPod
2009-06-09 02:07 . 2009-06-09 02:07 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 05:08 . 2009-06-08 11:21 -------- d-----w- c:\program files\iPod(104)
2009-06-03 05:05 . 2009-06-03 05:06 -------- d-----w- c:\program files\QuickTime(134)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 12:23 . 2007-08-28 03:11 -------- d-----w- c:\users\Kyle\AppData\Roaming\WeatherBug
2009-06-19 05:28 . 2007-08-26 00:03 85776 ----a-w- c:\users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-19 04:50 . 2007-08-22 00:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 03:55 . 2007-08-22 00:59 -------- d-----w- c:\program files\Java
2009-06-11 03:10 . 2008-12-28 23:57 2256 ----a-w- c:\windows\current_settings.bin
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-11 03:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-11 03:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-10 04:46 . 2007-08-26 01:24 -------- d-----w- c:\programdata\Microsoft Help
2009-06-09 04:11 . 2007-08-22 01:15 -------- d-----w- c:\program files\Google
2009-06-09 02:53 . 2008-09-18 23:13 -------- d-----w- c:\program files\iTunes
2009-06-09 02:53 . 2007-08-26 01:26 -------- d-----w- c:\program files\Common Files\Apple
2009-06-09 02:50 . 2009-03-25 17:58 -------- d-----w- c:\program files\QuickTime
2009-06-09 01:55 . 2008-12-17 22:38 -------- d-----w- c:\program files\MozyHome
2009-05-23 05:17 . 2008-06-20 01:30 -------- d-----w- c:\users\Kyle\AppData\Roaming\LimeWire
2009-05-23 05:11 . 2009-05-06 22:59 -------- d-----w- c:\program files\UltraVNC
2009-05-21 12:26 . 2009-05-21 12:26 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2009-05-19 22:06 . 2009-05-19 22:06 390664 ----a-w- c:\users\Kyle\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-06 23:01 . 2009-05-06 23:01 -------- d-----w- c:\users\Kyle\AppData\Roaming\UltraVNC
2009-05-05 14:10 . 2008-12-28 22:50 -------- d-----w- c:\program files\TomTom HOME 2
2009-05-05 14:10 . 2007-08-26 01:29 -------- d-----w- c:\program files\Microsoft Works
2009-04-11 06:33 . 2009-06-11 02:13 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-11 02:13 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-11 02:13 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-11 02:13 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-11 02:13 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-11 02:13 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-11 02:13 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-11 02:12 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-11 02:12 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-11 02:12 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-11 02:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-11 02:14 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-11 02:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-11 02:12 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-11 02:12 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-11 02:12 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-11 02:12 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-11 02:12 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-11 02:12 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-11 02:12 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-11 02:12 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-11 02:12 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-06-11 02:12 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-11 02:12 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-11 02:13 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-11 02:13 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-11 02:12 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-11 02:12 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-11 02:12 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-11 02:13 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-06-11 02:13 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-11 02:12 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-11 02:12 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-11 02:12 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-11 02:12 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-11 04:42 . 2009-06-11 02:12 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-11 02:12 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-06-11 02:12 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-11 02:12 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-11 02:14 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-11 02:12 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-11 02:12 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-11 02:12 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-11 02:12 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-06-11 02:12 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-06-11 02:12 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-11 02:13 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-11 02:12 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-11 02:12 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-11 02:12 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-11 02:13 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-11 02:13 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-11 02:13 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-11 02:13 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-11 02:13 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-06-11 02:13 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-06-11 02:12 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-06-11 02:13 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-06-11 02:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-06-11 02:12 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-06-11 02:12 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-06-11 02:12 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-06-11 02:12 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-06-11 02:13 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-06-11 02:14 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-11 01:59 . 2009-06-11 02:13 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-03-30 04:42 . 2009-06-11 02:13 278848 ----a-w- c:\windows\system32\mscoree.dll
2009-03-30 04:42 . 2009-06-11 02:13 93512 ----a-w- c:\windows\system32\dfshim.dll
2009-03-30 04:42 . 2009-06-11 02:13 80720 ----a-w- c:\windows\system32\mscories.dll
2009-03-30 04:42 . 2009-06-11 02:12 155456 ----a-w- c:\windows\system32\mscorier.dll
2009-04-10 02:31 . 2009-04-10 02:31 2629192 ----a-w- c:\program files\mozilla firefox\components\1272064.dll
2008-04-25 22:02 . 2008-02-25 14:35 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-25 22:02 . 2008-02-25 14:35 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-25 22:02 . 2008-02-25 14:35 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-25 22:02 . 2008-02-25 14:35 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-25 22:02 . 2008-02-25 14:35 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-22 08:40 . 2007-08-22 08:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-05-15 18:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-05-15 18:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-24 1343488]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-08 702072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):a1,89,28,5b,42,ea,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{667CC109-49DD-4FDE-82C0-9F6EED782520}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C3D50BB9-3D97-41AF-B451-D2852091350A}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{56B8849B-F3DD-48D4-8E2E-1D7059E8EA85}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{80202DBF-708B-4E78-8922-382B0B492EF7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{05E966C7-8164-4ACB-8EB4-16B721EBD62F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{90577F16-2C17-4276-BEF9-9044F0E43C66}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{5837C995-D0BC-47DE-9B6E-882FB43106E2}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{A046836E-19F8-4266-BAB4-EC1AC379BF68}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EFE5BF71-F641-4228-AE9E-B6C4180F015B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3ADD2396-94C1-4309-8D34-8500D567D800}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{128CD616-E246-467D-9D7A-386961B8A3F1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D2954A02-0691-447F-9ED5-81CCAB983254}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{60131EAB-082C-464E-B264-1B3CFAACA435}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{FA211946-C127-4C6D-A639-158565E9CE2C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{064D3A3A-6367-440C-BC47-2C4F730970EE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{74118394-43A6-4A2C-B757-D0EA4BA95661}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F40662E4-474A-4BFD-9163-048ABB5A40C3}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{8687DEFC-456D-4E20-885B-6E3CF19E1254}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{05DFAA4B-A409-445B-AFDA-D53DEB9E152A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3BC152FE-442E-4C63-ADF6-5A3FED54140A}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{AB934C26-18C2-4171-8FE1-5225D1AA6243}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{CB4D1654-FEC0-456F-A380-B1662AF1E853}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{CAF446EC-92F0-4002-A21F-EB9BCA14FD94}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{09E408B0-347A-47A5-BF83-EC68DA0F05DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DFC6B70C-E89C-4CD9-B4CE-C1DFF6D9D3A6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE5A1314-93B4-43FB-A77E-9D01D2086FDB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E03D3129-EBE8-4411-9A49-57B38688FE2D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E349A2E5-659C-46EC-9C80-F709371BC60E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0CCF32BA-EC27-496B-8DE7-CBAEF0E7BD1E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D814F0CD-E472-4943-BBEB-BC2429380BF4}"= TCP:67:DHCP Discovery Service
"{387F1580-A326-45A7-A74C-BE587B9D5A70}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{9C0F206B-E549-4640-BA0E-06F312EA13FD}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{AD9C6D09-AC81-4DA2-9239-79F64DAEBB2B}"= TCP:67:0.0.0.0:DHCP Discovery Service
"{879EC6BD-A13D-40B0-87A7-650A5A5A23CD}"= UDP:42610:Trend Micro OfficeScan Listener
"{E87DC6DA-E0B8-469A-B492-E04042EACE1C}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{7F4DB93B-D1C9-4F64-BC57-7BEBCC4AD321}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
R1 mozyFilter;mozyFilter;c:\windows\System32\drivers\mozy.sys [2/12/2009 8:24 PM 53752]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 7:17 AM 77824]
R2 atisvc_frugp;atisvc_frugp;c:\windows\System32\ebptuo\atisvc_frugp.exe [4/9/2009 9:31 PM 458923]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 4:30 AM 204800]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [9/27/2006 1:31 PM 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/27/2006 1:31 PM 36368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 5:38 AM 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/22/2007 11:28 PM 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\System32\drivers\TM_CFW.sys [4/20/2007 1:44 PM 307984]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [4/4/2007 5:35 PM 943696]
S2 gupdate1c9e8b6aa94cc20;Google Update Service (gupdate1c9e8b6aa94cc20);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2009 10:59 PM 133104]
S3 MUSTechVIDCAP;ADS DVD XPRESS DX2;c:\windows\System32\drivers\musgostrm.sys [1/1/2009 5:06 PM 252160]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [4/27/2007 3:35 PM 575064]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 03:59]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Host Process - c:\users\Kyle\svchost.exe
HKCU-Run-Aim6 - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://chicago.cubs.mlb.com/index.jsp?c_id=chc
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 18:09
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Kyle\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP000000118AE55D2986931039 524288 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5928)
c:\windows\system32\ebptuo\mcie_eiiai.dll
c:\windows\system32\ebptuo\mcapp_lgwia.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\ebptuo\mcsc_gwika.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\System32\java.exe
c:\program files\Trend Micro\OfficeScan Client\NTRtScan.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Trend Micro\OfficeScan Client\TmListen.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-25 18:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 23:16
Pre-Run: 208,476,991,488 bytes free
Post-Run: 208,990,494,720 bytes free
338 --- E O F --- 2009-06-25 22:52
bamajim
June 26th, 2009 07:00
1. Open Notepad (not WordPad). Copy and paste the following into Notepad:
Driver::
atisvc_frugp
Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop.
Using the image as a reference, drag CFScript into ComboFix.exe, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.
kstater
June 26th, 2009 17:00
Here's the new log:
ComboFix 09-06-26.02 - Kyle 06/26/2009 16:43.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1184 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
Command switches used :: c:\users\Kyle\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Trend Micro OfficeScan Anti-spyware *enabled* (Updated) {6D124117-24A2-4555-BD42-A763D52CFEB2}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_atisvc_frugp
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-26 21:51 . 2009-06-26 21:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-25 23:17 . 2009-06-26 23:27 -------- d-----w- c:\users\Kyle\AppData\Local\temp
2009-06-19 04:51 . 2008-04-09 05:14 24888 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-06-19 04:51 . 2008-04-09 05:14 26424 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-06-19 04:50 . 2009-06-19 04:50 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-06-19 04:43 . 2009-06-19 04:51 -------- d-----w- c:\programdata\Pure Networks
2009-06-19 03:58 . 2009-06-19 03:58 -------- d-----w- c:\users\Kyle\AppData\Local\Linksys_LLC_-_A_Division_
2009-06-19 03:56 . 2009-06-19 03:56 -------- d-----w- c:\programdata\webex
2009-06-19 03:55 . 2009-06-19 03:58 -------- d-----w- c:\programdata\Linksys
2009-06-19 03:52 . 2009-06-19 04:50 -------- d-----w- c:\program files\Linksys
2009-06-11 03:05 . 2009-06-11 03:05 -------- d-----w- c:\windows\system32\ca-ES
2009-06-11 03:05 . 2009-06-11 03:05 -------- d-----w- c:\windows\system32\eu-ES
2009-06-11 03:05 . 2009-06-11 03:05 -------- d-----w- c:\windows\system32\vi-VN
2009-06-11 02:15 . 2009-06-11 02:15 -------- d-----w- c:\windows\system32\EventProviders
2009-06-11 02:13 . 2009-04-11 06:32 438744 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-06-11 02:12 . 2009-04-11 06:28 61440 ----a-w- c:\windows\system32\wscsvc.dll
2009-06-11 02:11 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-10 02:59 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 02:59 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 02:59 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 02:57 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 02:52 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-09 02:53 . 2009-06-09 02:53 -------- d-----w- c:\program files\iPod
2009-06-09 02:07 . 2009-06-09 02:07 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 05:08 . 2009-06-08 11:21 -------- d-----w- c:\program files\iPod(104)
2009-06-03 05:05 . 2009-06-03 05:06 -------- d-----w- c:\program files\QuickTime(134)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 12:23 . 2007-08-28 03:11 -------- d-----w- c:\users\Kyle\AppData\Roaming\WeatherBug
2009-06-19 05:28 . 2007-08-26 00:03 85776 ----a-w- c:\users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-19 04:50 . 2007-08-22 00:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 03:55 . 2007-08-22 00:59 -------- d-----w- c:\program files\Java
2009-06-11 03:10 . 2008-12-28 23:57 2256 ----a-w- c:\windows\current_settings.bin
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-11 03:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-11 03:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-11 03:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-10 04:46 . 2007-08-26 01:24 -------- d-----w- c:\programdata\Microsoft Help
2009-06-09 04:11 . 2007-08-22 01:15 -------- d-----w- c:\program files\Google
2009-06-09 02:53 . 2008-09-18 23:13 -------- d-----w- c:\program files\iTunes
2009-06-09 02:53 . 2007-08-26 01:26 -------- d-----w- c:\program files\Common Files\Apple
2009-06-09 02:50 . 2009-03-25 17:58 -------- d-----w- c:\program files\QuickTime
2009-06-09 01:55 . 2008-12-17 22:38 -------- d-----w- c:\program files\MozyHome
2009-05-23 05:17 . 2008-06-20 01:30 -------- d-----w- c:\users\Kyle\AppData\Roaming\LimeWire
2009-05-23 05:11 . 2009-05-06 22:59 -------- d-----w- c:\program files\UltraVNC
2009-05-21 12:26 . 2009-05-21 12:26 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2009-05-19 22:06 . 2009-05-19 22:06 390664 ----a-w- c:\users\Kyle\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-06 23:01 . 2009-05-06 23:01 -------- d-----w- c:\users\Kyle\AppData\Roaming\UltraVNC
2009-05-05 14:10 . 2008-12-28 22:50 -------- d-----w- c:\program files\TomTom HOME 2
2009-05-05 14:10 . 2007-08-26 01:29 -------- d-----w- c:\program files\Microsoft Works
2009-04-11 06:33 . 2009-06-11 02:13 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-11 02:13 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-11 02:13 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-11 02:13 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-11 02:13 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-11 02:13 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-11 02:13 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-11 02:12 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-11 02:12 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-11 02:12 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-11 02:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-11 02:14 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-11 02:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-11 02:12 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-11 02:12 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-11 02:12 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-11 02:12 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-11 02:12 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-11 02:12 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-11 02:12 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-11 02:12 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-11 02:12 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-06-11 02:12 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-11 02:12 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-11 02:13 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-11 02:13 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-11 02:12 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-11 02:12 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-11 02:12 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-11 02:13 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-06-11 02:13 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-11 02:12 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-11 02:12 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-11 02:12 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-11 02:12 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-11 04:42 . 2009-06-11 02:12 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-11 02:12 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-06-11 02:12 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-11 02:12 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-11 02:14 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-11 02:12 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-11 02:12 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-11 02:12 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-11 02:12 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-06-11 02:12 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-06-11 02:12 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-11 02:13 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-11 02:12 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-11 02:12 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-11 02:12 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-11 02:13 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-11 02:13 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-11 02:13 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-11 02:13 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-11 02:13 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-06-11 02:13 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-06-11 02:12 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-06-11 02:13 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-06-11 02:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-06-11 02:12 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-06-11 02:12 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-06-11 02:12 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-06-11 02:12 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-06-11 02:13 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-06-11 02:14 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-11 01:59 . 2009-06-11 02:13 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-03-30 04:42 . 2009-06-11 02:13 278848 ----a-w- c:\windows\system32\mscoree.dll
2009-03-30 04:42 . 2009-06-11 02:13 93512 ----a-w- c:\windows\system32\dfshim.dll
2009-03-30 04:42 . 2009-06-11 02:13 80720 ----a-w- c:\windows\system32\mscories.dll
2009-03-30 04:42 . 2009-06-11 02:12 155456 ----a-w- c:\windows\system32\mscorier.dll
2009-04-10 02:31 . 2009-04-10 02:31 2629192 ----a-w- c:\program files\mozilla firefox\components\1272064.dll
2008-04-25 22:02 . 2008-02-25 14:35 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-25 22:02 . 2008-02-25 14:35 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-25 22:02 . 2008-02-25 14:35 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-25 22:02 . 2008-02-25 14:35 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-25 22:02 . 2008-02-25 14:35 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-22 08:40 . 2007-08-22 08:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-06-25_23.08.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-22 01:24 . 2009-06-26 21:33 58008 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-26 21:33 70018 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-26 00:03 . 2009-06-26 21:33 11722 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-211789283-4231873873-109044156-1000_UserData.bin
+ 2007-08-26 00:02 . 2009-06-26 21:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-26 00:02 . 2009-06-25 04:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-26 00:02 . 2009-06-26 21:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-26 00:02 . 2009-06-25 04:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-26 00:02 . 2009-06-25 04:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-26 00:02 . 2009-06-26 21:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-25 23:04 . 2009-06-25 23:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-26 21:53 . 2009-06-26 21:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-26 21:53 . 2009-06-26 21:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-25 23:04 . 2009-06-25 23:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-26 21:53 . 2007-05-08 00:43 300656 c:\windows\temp\MYCB01.EXE
+ 2008-09-05 23:24 . 2009-06-26 23:26 241864 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2006-11-02 10:33 . 2009-06-26 22:00 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-24 04:32 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-24 04:32 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-26 22:00 101144 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-05-15 18:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-05-15 18:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-24 1343488]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-08 702072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):a1,89,28,5b,42,ea,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{667CC109-49DD-4FDE-82C0-9F6EED782520}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C3D50BB9-3D97-41AF-B451-D2852091350A}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{56B8849B-F3DD-48D4-8E2E-1D7059E8EA85}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{80202DBF-708B-4E78-8922-382B0B492EF7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{05E966C7-8164-4ACB-8EB4-16B721EBD62F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{90577F16-2C17-4276-BEF9-9044F0E43C66}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{5837C995-D0BC-47DE-9B6E-882FB43106E2}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{A046836E-19F8-4266-BAB4-EC1AC379BF68}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EFE5BF71-F641-4228-AE9E-B6C4180F015B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3ADD2396-94C1-4309-8D34-8500D567D800}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{128CD616-E246-467D-9D7A-386961B8A3F1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D2954A02-0691-447F-9ED5-81CCAB983254}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{60131EAB-082C-464E-B264-1B3CFAACA435}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{FA211946-C127-4C6D-A639-158565E9CE2C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{064D3A3A-6367-440C-BC47-2C4F730970EE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{74118394-43A6-4A2C-B757-D0EA4BA95661}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F40662E4-474A-4BFD-9163-048ABB5A40C3}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{8687DEFC-456D-4E20-885B-6E3CF19E1254}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{05DFAA4B-A409-445B-AFDA-D53DEB9E152A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3BC152FE-442E-4C63-ADF6-5A3FED54140A}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{AB934C26-18C2-4171-8FE1-5225D1AA6243}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{CB4D1654-FEC0-456F-A380-B1662AF1E853}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{CAF446EC-92F0-4002-A21F-EB9BCA14FD94}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{09E408B0-347A-47A5-BF83-EC68DA0F05DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DFC6B70C-E89C-4CD9-B4CE-C1DFF6D9D3A6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE5A1314-93B4-43FB-A77E-9D01D2086FDB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E03D3129-EBE8-4411-9A49-57B38688FE2D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E349A2E5-659C-46EC-9C80-F709371BC60E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0CCF32BA-EC27-496B-8DE7-CBAEF0E7BD1E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D814F0CD-E472-4943-BBEB-BC2429380BF4}"= TCP:67:DHCP Discovery Service
"{AD9C6D09-AC81-4DA2-9239-79F64DAEBB2B}"= TCP:67:DHCP Discovery Service
"{3C048C1F-F689-4A80-9587-A4D2911D022B}"= UDP:42610:Trend Micro OfficeScan Listener
"{2AEFC56F-DDE9-46D0-AC2C-E6BF0B864C22}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{E8E21CAA-D63B-4F5A-B883-A32C3906972D}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
R1 mozyFilter;mozyFilter;c:\windows\System32\drivers\mozy.sys [2/12/2009 8:24 PM 53752]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 7:17 AM 77824]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 4:30 AM 204800]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [9/27/2006 1:31 PM 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/27/2006 1:31 PM 36368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 5:38 AM 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/22/2007 11:28 PM 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\System32\drivers\TM_CFW.sys [4/20/2007 1:44 PM 307984]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [4/4/2007 5:35 PM 943696]
S2 gupdate1c9e8b6aa94cc20;Google Update Service (gupdate1c9e8b6aa94cc20);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2009 10:59 PM 133104]
S3 MUSTechVIDCAP;ADS DVD XPRESS DX2;c:\windows\System32\drivers\musgostrm.sys [1/1/2009 5:06 PM 252160]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [4/27/2007 3:35 PM 575064]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 03:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://chicago.cubs.mlb.com/index.jsp?c_id=chc
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 18:27
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1268)
c:\program files\MozyHome\mozyshell.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\Trend Micro\OfficeScan Client\NTRtScan.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\System32\java.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Trend Micro\OfficeScan Client\TmListen.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\temp\MYCB01.EXE
c:\windows\System32\VSSVC.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-26 18:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 23:33
ComboFix2.txt 2009-06-25 23:17
Pre-Run: 207,816,421,376 bytes free
Post-Run: 207,467,491,328 bytes free
354 --- E O F --- 2009-06-25 22:52
kstater
8 Posts
0
June 26th, 2009 17:00
Bamajim,
I tried visiting a website that's been giving me the error message, and it finally works again! Is there anything I need to wrap up or pursue to completely eradicate this spyware, or is that it?
Thanks for all your help!
--Kyle
bamajim
10.4K Posts
0
June 29th, 2009 15:00
You have a suspicious file I would like to look at.
1. We need to make sure we can see hidden files and folders
To enable the viewing of Hidden and System files follow these steps:
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Click Yes to confirm.
Press the Apply button and then the OK button.
2. Please go HERE
Put your name and Dell HJT forum, and in the file to submit box, click Browse.
Using Windows Explorer
In the comments, tell them that I asked you to upload the file.
Then select Send File.
kstater
8 Posts
0
June 29th, 2009 21:00
I was unable to locate that file based on the directions given. I also entered it directly in the search bar and it still failed to show up.
bamajim
10.4K Posts
0
July 2nd, 2009 18:00
I would like to make sure we didn't miss anything.
Run an online virus scan called Kaspersky from HERE.
[2.] At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
[3.] Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
[4.] Select Scan Report.
[5.] If any threats were found they will appear in the report.
[6.] Select "Save error report as". Then in the file name just type in kaspersky. Under "save as type" select text .txt
[7.] Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.
kstater
8 Posts
0
July 12th, 2009 19:00
bamajim,
I've tried running the scan at least 10 times, and it never gets past 49% without stopping. It always comes up with hundreds of threats, but b/c it freezes it never lets me view the report. What's your next suggestion?
bamajim
10.4K Posts
0
July 20th, 2009 10:00
Let's try this one
Please perform a BitDefender Online Virus and Malware Scan here:
* Click on I Agree.
* An ActiveX warning box will appear, click on Install.
* Under Select What You Want To Check For Viruses.
* Please Check My Computer and Click Ok
* Now Click On Click Here To Scan
* Next, Click on Click here to export the scan report
* Save it to your Desktop.
* In your next reply, please include the BitDefender log.