cEris
asked on
Will not boot into Safe Mode to remove rest of System Security 2009 virus
Hello all,
I have a computer here that I am trying to fix. It is a Dell Dimension 6310. When it was given to me it had the System Security 2009 virus and it had really messed up the computer. It wouldn't allow you to run EXE files (including the
So thanks to the awesome people here I was able to repair the EXE situation by going into the Task Manager and doing "Run New Task" while holding down the CTRL key, which let me go to the command prompt and run Malwarebytes. The first time it got to run the program it found a bunch of viruses and trojans. I let it remove them, rebooted the machine, ran the program again, did the same, let it remove them and rebooted the machine. So it's been able to run Malwarebytes and other EXE files.
Malwarebytes seems to always find the same 9 issues each time now. What I understand is that I have to run Malwarebytes from Safe Mode in order to get it to solve these issues. The problem is this computer will not allow you to boot into Safe Mode anymore.
When you try to go into Safe Mode it gives you a blue screen of death. It tells you to try running Chkdsk /f (which I have done) and gives the following error:
0x0000007b (0xf8a9b5254,0xc0000034,0x00000000,0x00000000)
So I cannot get into Safe Mode to finish cleaning up this issue with Malwarebytes.
I can only assume that this is due to the fact that the System Security 2009 virus messed up a bunch of stuff that Malwarebytes couldn't fix. Things like the Registry issues (that I had to solve using the UnHookExec.inf fix that I also got from here).
I have not installed or run other programs yet as I would like to get the opinions of the awesome people here first.
I understand the computer ran just fine before this virus hit so I don't THINK it's a hardware issue (although who knows!).
Any tips?
Thanks a bunch!
ASKER
Heya Occredit,
Thanks for the tip. Yeah, I have to agree with you in that honestly this is a situation where the easiest (and best way to make sure it is 100% clean) is to do a reinstall. It may end up that it comes to that.
This particular computer has a bunch of work related stuff installed on it that will be VERY time consuming and difficult to re-install. If worst comes to worst that's what we'll end up doing, but for the time being I have to have hopes that there can be a solution to the issues at hand.
AS AN UPDATE:
When I do a Malwarebytes scan the specific issues it finds are
Worm.Archive c:\windows\fonts\services.exe
Worm.Archive Memory Archive c:\Windows\fonts\services.exe
hijack.system.hidden registry data HKEY_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall\checkedvalue
hijacked.batfile hkey_classes_root\.bat\(default) Bad:(csfile) Good(batfile)
hijacked.comfile hkey_classes_root\.com(default) Bad:(csfile) Good(comfile)
hijacked.exefile hkey_classes_root\.exe(default) Bad: (csfile) Good(exefile)
Anyway, I agree about just restoring the Dell to its default, and if worst comes to worst that's what I'll end up doing. But right now I don't mind spending the time and effort to clean this stuff up. I will be going through and cleaning up each item one at a time and see what I can do. I've seen most of these problems before, just not all at once, and I know that it really matters what order things are done in cases like this, so I was looking for some advice from others who have solved this issue.
My next steps are to go through and clean up each section of the registry based on the issues found. I just can't imagine that there have been no solutions other than reinstalling. I've seen some amazing things pulled off by the kick butt experts around here!
I am going to keep working on this issue, and I will keep this updated. If I end up getting it all cleaned up perhaps this will help the next person who runs across the same thing :)
Oh and here is the logfile from Malwarebytes:
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2
7/6/2009 7:32:06 PM
mbam-log-2009-07-06 (19-31-58).txt
Scan type: Full Scan (C:\|)
Objects scanned: 136099
Time elapsed: 17 minute(s), 57 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> No action taken.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> No action taken.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.
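The scan log in the post above can be triaged mechanically. This is an added example, not part of the original thread and not Malwarebytes' own tooling: it parses the itemised part of that log format, lists the registry data items still sitting at their hijacked value, and flags core system process names found outside System32. The sample log is reconstructed from the post with the stray spaces removed, and the `SYSTEM32_ONLY` set is an assumption based on general Windows knowledge.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: itemised section of the log quoted in the post above,
# with the forum software's stray spaces removed.
SAMPLE_LOG = r"""
Registry Data Items Infected: 4
Files Infected: 1
Memory Processes Infected:
C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> No action taken.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> No action taken.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> No action taken.
Files Infected:
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.
"""

# Assumption (general Windows knowledge, not from the thread): these core
# processes normally load only from %SystemRoot%\System32.
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}

# "Files Infected:" opens a section; "Files Infected: 1" is a summary count.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:\s*$")
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>[^.]+)\.?\s*$"
)


@dataclass
class Finding:
    section: str
    target: str
    detection: str
    bad: Optional[str]
    good: Optional[str]
    action: str

    @property
    def unresolved(self) -> bool:
        return self.action.lower() == "no action taken"


def parse_log(text: str) -> List[Finding]:
    """Return one Finding per itemised detection line."""
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            findings.append(Finding(section, item.group("target"),
                                    item.group("name"), item.group("bad"),
                                    item.group("good"),
                                    item.group("action").strip()))
    return findings


def pending_registry_repairs(findings: List[Finding]) -> List[Tuple[str, str, str]]:
    """(value path, current bad data, expected good data) still unrepaired."""
    return [(f.target, f.bad, f.good)
            for f in findings if f.unresolved and f.good is not None]


def masquerading_paths(findings: List[Finding]) -> Set[str]:
    """File detections that use a core process name outside System32."""
    hits: Set[str] = set()
    for f in findings:
        if f.target.upper().startswith("HKEY_"):
            continue
        path = f.target.lower()
        in_system32 = ntpath.dirname(path).endswith(r"\system32")
        if ntpath.basename(path) in SYSTEM32_ONLY and not in_system32:
            hits.add(path)
    return hits


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for target, bad, good in pending_registry_repairs(found):
        print(f"repair pending: {target}: {bad!r} -> {good!r}")
    for path in sorted(masquerading_paths(found)):
        print(f"system process name outside System32: {path}")
```
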
MalwareBytes is designed to run in normal mode so safe mode is not really necessary unless the pc only boots in safe mode. Combofix will also try and repair safeboot key.
Use ComboFix and show us the log please, it's important that we see the logfile as bad files can still show up there which we need to use a script to delete them.
Download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run re-download but rename before saving to your desktop)
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
ASKER
Heya there rpggamergirl,
I hadn't heard of Combofix before. What a snazzy program. I hope this log gives a better insight to the problem..
Thanks for the advice!
ComboFix 09-07-06.02 - Tom Cosat 07/07/2009 0:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.287 [GMT -5:00]
Running from: c:\documents and settings\Tom Cosat\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mswjml vh.exe
c:\windows\system32\mswkcc dj.exe
c:\windows\system32\mswkxk o.exe
c:\windows\system32\mswoi. exe
c:\windows\system32\mswojm .exe
c:\windows\system32\mswpg. exe
c:\windows\system32\mswph. exe
c:\windows\system32\mswplf of.exe
c:\windows\system32\mswpoo om.exe
c:\windows\system32\mswrij .exe
c:\windows\system32\mswrt. exe
c:\windows\system32\mswrvd z.exe
c:\windows\system32\mswrvh .exe
c:\windows\system32\mswsol .exe
c:\windows\system32\mswtiq .exe
c:\windows\system32\mswtp. exe
c:\windows\system32\mswuv. exe
c:\windows\system32\mswvig sl.exe
c:\windows\system32\mswxkn .exe
c:\windows\system32\mswxrm .exe
c:\windows\system32\mswzs. exe
c:\windows\system32\msxagg vh.exe
c:\windows\system32\msxah. exe
c:\windows\system32\msxahf f.exe
c:\windows\system32\msxenn k.exe
c:\windows\system32\msxhv. exe
c:\windows\system32\msxkbi u.exe
c:\windows\system32\msxkoc u.exe
c:\windows\system32\msxmx. exe
c:\windows\system32\msxnk. exe
c:\windows\system32\msxogy .exe
c:\windows\system32\msxqu. exe
c:\windows\system32\msxrx. exe
c:\windows\system32\msxvme bm.exe
c:\windows\system32\msxvnl .exe
c:\windows\system32\msxwh. exe
c:\windows\system32\msxwhw .exe
c:\windows\system32\msxwkx .exe
c:\windows\system32\msxwnd .exe
c:\windows\system32\msyacl o.exe
c:\windows\system32\msybmw .exe
c:\windows\system32\msybof tu.exe
c:\windows\system32\msybrp m.exe
c:\windows\system32\msybvu fi.exe
c:\windows\system32\msybx. exe
c:\windows\system32\msycia .exe
c:\windows\system32\msycik zf.exe
c:\windows\system32\msycmr z.exe
c:\windows\system32\msydgq .exe
c:\windows\system32\msydpp yx.exe
c:\windows\system32\msydui ox.exe
c:\windows\system32\msyeoh .exe
c:\windows\system32\msyeq. exe
c:\windows\system32\msyfad y.exe
c:\windows\system32\msyfbe rw.exe
c:\windows\system32\msyfxm bd.exe
c:\windows\system32\msygh. exe
c:\windows\system32\msyhi. exe
c:\windows\system32\msyhou .exe
c:\windows\system32\msyhpy ki.exe
c:\windows\system32\msyia. exe
c:\windows\system32\msyior ne.exe
c:\windows\system32\msyizs lw.exe
c:\windows\system32\msyjff .exe
c:\windows\system32\msyjiv .exe
c:\windows\system32\msyku. exe
c:\windows\system32\msylc. exe
c:\windows\system32\msymjm .exe
c:\windows\system32\msyplj y.exe
c:\windows\system32\msyqgd .exe
c:\windows\system32\msyqqf .exe
c:\windows\system32\msyssn .exe
c:\windows\system32\msytp. exe
c:\windows\system32\msyux. exe
c:\windows\system32\msyvhn xr.exe
c:\windows\system32\msywvi u.exe
c:\windows\system32\msyxco k.exe
c:\windows\system32\msyxmk uq.exe
c:\windows\system32\msyyir ee.exe
c:\windows\system32\msyyp. exe
c:\windows\system32\msyzds .exe
c:\windows\system32\msyzgx mi.exe
c:\windows\system32\msyzkb h.exe
c:\windows\system32\mszbuj .exe
c:\windows\system32\mszbvt vz.exe
c:\windows\system32\mszcxj wg.exe
c:\windows\system32\mszfpw .exe
c:\windows\system32\mszgjv .exe
c:\windows\system32\mszgs. exe
c:\windows\system32\mszheg b.exe
c:\windows\system32\msziwk .exe
c:\windows\system32\mszjal .exe
c:\windows\system32\mszjer .exe
c:\windows\system32\mszjt. exe
c:\windows\system32\mszmaq .exe
c:\windows\system32\msznfv y.exe
c:\windows\system32\mszoqj aj.exe
c:\windows\system32\mszpub xv.exe
c:\windows\system32\mszquz yf.exe
c:\windows\system32\mszqze l.exe
c:\windows\system32\mszros wt.exe
c:\windows\system32\mszrv. exe
c:\windows\system32\mszss. exe
c:\windows\system32\mszsto .exe
c:\windows\system32\msztij yl.exe
c:\windows\system32\msztrc ji.exe
c:\windows\system32\mszvhz yh.exe
c:\windows\system32\mszwnk .exe
c:\windows\system32\mszwsc .exe
c:\windows\system32\mszxfs .exe
c:\windows\system32\mszxg. exe
c:\windows\system32\mszxzo e.exe
c:\windows\system32\mszyfn af.exe
c:\windows\system32\mszza. exe
c:\windows\system32\mszzvl .exe
c:\windows\system32\mszzx. exe
c:\windows\system32\pcmstu b.sys
c:\windows\system32\wbem\p roquota.ex e
c:\windows\system32\wiawow 32.sys
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_DRV
-------\Legacy_MSNCACHE
-------\Legacy_PCMSTUB
-------\Legacy_SOPIDKC
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_drv
-------\Service_pcmstub
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.
2009-07-07 00:41 . 2009-07-07 05:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 00:41 . 2009-07-07 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\Tom Cosat\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 23:41 . 2009-07-04 23:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-04 17:39 . 2009-07-04 17:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMIA.tmp
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMI9.tmp
2009-07-04 15:48 . 2009-07-04 15:48 -------- d-----w- c:\windows\system32\MpEngineStore
2009-07-04 15:47 . 2009-07-04 15:47 -------- d-----w- C:\2dea2e97758a8ce4bbf4ecf03635
2009-07-04 15:46 . 2009-07-04 15:46 -------- d-----w- c:\windows\LMI8.tmp
2009-07-04 15:44 . 2009-07-04 15:44 -------- d-----w- c:\windows\LMI7.tmp
2009-07-04 15:14 . 2009-07-06 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-04 15:09 . 2009-07-04 15:16 -------- d-----w- c:\windows\LMI2C.tmp
2009-07-04 11:15 . 2009-07-04 11:15 -------- d-----w- C:\_828453_
2009-07-04 00:01 . 2009-07-04 00:01 214 ----a-w- c:\windows\567788.bat
2009-07-03 10:33 . 2009-07-03 10:33 -------- d-----w- c:\program files\drv
2009-07-03 10:28 . 2009-07-03 10:28 28672 ----a-w- C:\fdvjfx.exe
2009-07-03 10:27 . 2009-07-03 10:28 219645 ----a-w- C:\gklrwl.exe
2009-07-03 10:26 . 2009-07-03 10:27 -------- d-sh--w- c:\windows\System Volume Information
2009-07-03 10:26 . 1980-08-17 00:00 28160 ----a-w- C:\tcburi.exe.dat
2009-07-03 10:25 . 2009-07-03 10:26 39424 ----a-w- C:\tcburi.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 21:24 . 2005-12-03 18:27 -------- d-----w- c:\program files\Dl_cats
2009-07-04 18:02 . 2005-12-03 21:04 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-04 18:02 . 2005-12-03 21:04 104 --sh--r- c:\windows\system32\3D9C5D6373.sys
2009-07-04 11:24 . 2009-07-03 10:35 4 ---h--w- c:\windows\Fonts\mlog
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2005-08-16 10:18 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2005-08-16 10:18 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-08-16 10:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-10 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2008-11-22 6144]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R1 drvdrv;drvdrv;c:\program files\drv\drv.sys [7/3/2009 5:33 AM 9344]
S1 wnowuxog;wnowuxog;\??\c:\windows\system32\drivers\wnowuxog.sys --> c:\windows\system32\drivers\wnowuxog.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mediacomtoday.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 00:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-07-07 1:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 06:00
Pre-Run: 62,457,442,304 bytes free
Post-Run: 62,367,428,608 bytes free
926 --- E O F --- 2009-07-07 02:23
I hadn't heard of Combofix before. What a snazzy program. I hope this log gives a better insight to the problem..
Thanks for the advice!
ComboFix 09-07-06.02 - Tom Cosat 07/07/2009 0:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.
Running from: c:\documents and settings\Tom Cosat\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
c:\windows\system32\msxwkx
c:\windows\system32\msxwnd
c:\windows\system32\msyacl
c:\windows\system32\msybmw
c:\windows\system32\msybof
c:\windows\system32\msybrp
c:\windows\system32\msybvu
c:\windows\system32\msybx.
c:\windows\system32\msycia
c:\windows\system32\msycik
c:\windows\system32\msycmr
c:\windows\system32\msydgq
c:\windows\system32\msydpp
c:\windows\system32\msydui
c:\windows\system32\msyeoh
c:\windows\system32\msyeq.
c:\windows\system32\msyfad
c:\windows\system32\msyfbe
c:\windows\system32\msyfxm
c:\windows\system32\msygh.
c:\windows\system32\msyhi.
c:\windows\system32\msyhou
c:\windows\system32\msyhpy
c:\windows\system32\msyia.
c:\windows\system32\msyior
c:\windows\system32\msyizs
c:\windows\system32\msyjff
c:\windows\system32\msyjiv
c:\windows\system32\msyku.
c:\windows\system32\msylc.
c:\windows\system32\msymjm
c:\windows\system32\msyplj
c:\windows\system32\msyqgd
c:\windows\system32\msyqqf
c:\windows\system32\msyssn
c:\windows\system32\msytp.
c:\windows\system32\msyux.
c:\windows\system32\msyvhn
c:\windows\system32\msywvi
c:\windows\system32\msyxco
c:\windows\system32\msyxmk
c:\windows\system32\msyyir
c:\windows\system32\msyyp.
c:\windows\system32\msyzds
c:\windows\system32\msyzgx
c:\windows\system32\msyzkb
c:\windows\system32\mszbuj
c:\windows\system32\mszbvt
c:\windows\system32\mszcxj
c:\windows\system32\mszfpw
c:\windows\system32\mszgjv
c:\windows\system32\mszgs.
c:\windows\system32\mszheg
c:\windows\system32\msziwk
c:\windows\system32\mszjal
c:\windows\system32\mszjer
c:\windows\system32\mszjt.
c:\windows\system32\mszmaq
c:\windows\system32\msznfv
c:\windows\system32\mszoqj
c:\windows\system32\mszpub
c:\windows\system32\mszquz
c:\windows\system32\mszqze
c:\windows\system32\mszros
c:\windows\system32\mszrv.
c:\windows\system32\mszss.
c:\windows\system32\mszsto
c:\windows\system32\msztij
c:\windows\system32\msztrc
c:\windows\system32\mszvhz
c:\windows\system32\mszwnk
c:\windows\system32\mszwsc
c:\windows\system32\mszxfs
c:\windows\system32\mszxg.
c:\windows\system32\mszxzo
c:\windows\system32\mszyfn
c:\windows\system32\mszza.
c:\windows\system32\mszzvl
c:\windows\system32\mszzx.
c:\windows\system32\pcmstu
c:\windows\system32\wbem\p
c:\windows\system32\wiawow
c:\windows\system32\proquo
Restored copy from - c:\i386\proquota.exe
.
((((((((((((((((((((((((((
.
-------\Legacy_6TO4
-------\Legacy_DRV
-------\Legacy_MSNCACHE
-------\Legacy_PCMSTUB
-------\Legacy_SOPIDKC
-------\Legacy_{79007602-0
-------\Legacy_{79007602-0
-------\Service_drv
-------\Service_pcmstub
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 ))))))))))))))))))))))))))
.
2009-07-07 00:41 . 2009-07-07 05:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 00:41 . 2009-07-07 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\Tom Cosat\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\driver
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\driver
2009-07-04 23:41 . 2009-07-04 23:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-04 17:39 . 2009-07-04 17:40 -------- d-----w- c:\documents and settings\LocalService\Loca
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMIA.tmp
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMI9.tmp
2009-07-04 15:48 . 2009-07-04 15:48 -------- d-----w- c:\windows\system32\MpEngi
2009-07-04 15:47 . 2009-07-04 15:47 -------- d-----w- C:\2dea2e97758a8ce4bbf4ecf
2009-07-04 15:46 . 2009-07-04 15:46 -------- d-----w- c:\windows\LMI8.tmp
2009-07-04 15:44 . 2009-07-04 15:44 -------- d-----w- c:\windows\LMI7.tmp
2009-07-04 15:14 . 2009-07-06 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-04 15:09 . 2009-07-04 15:16 -------- d-----w- c:\windows\LMI2C.tmp
2009-07-04 11:15 . 2009-07-04 11:15 -------- d-----w- C:\_828453_
2009-07-04 00:01 . 2009-07-04 00:01 214 ----a-w- c:\windows\567788.bat
2009-07-03 10:33 . 2009-07-03 10:33 -------- d-----w- c:\program files\drv
2009-07-03 10:28 . 2009-07-03 10:28 28672 ----a-w- C:\fdvjfx.exe
2009-07-03 10:27 . 2009-07-03 10:28 219645 ----a-w- C:\gklrwl.exe
2009-07-03 10:26 . 2009-07-03 10:27 -------- d-sh--w- c:\windows\System Volume Information
2009-07-03 10:26 . 1980-08-17 00:00 28160 ----a-w- C:\tcburi.exe.dat
2009-07-03 10:25 . 2009-07-03 10:26 39424 ----a-w- C:\tcburi.exe
.
((((((((((((((((((((((((((
.
2009-07-06 21:24 . 2005-12-03 18:27 -------- d-----w- c:\program files\Dl_cats
2009-07-04 18:02 . 2005-12-03 21:04 4184 --sha-w- c:\windows\system32\KGyGaA
2009-07-04 18:02 . 2005-12-03 21:04 104 --sh--r- c:\windows\system32\3D9C5D
2009-07-04 11:24 . 2009-07-03 10:35 4 ---h--w- c:\windows\Fonts\mlog
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\locals
2009-04-29 04:31 . 2005-08-16 10:18 668160 ----a-w- c:\windows\system32\winine
2009-04-29 04:31 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieenco
2009-04-17 09:58 . 2005-08-16 10:18 1846656 ----a-w- c:\windows\system32\win32k
2009-04-15 15:11 . 2005-08-16 10:18 584192 ----a-w- c:\windows\system32\rpcrt4
.
((((((((((((((((((((((((((
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWAR
"MSMSGS"="c:\program files\Messenger\msmsgs.exe
"swg"="c:\program files\Google\GoogleToolbar
[HKEY_LOCAL_MACHINE\SOFTWA
"ehTray"="c:\windows\ehome
"DLCCCATS"="c:\windows\Sys
"MMTray"="c:\program files\Musicmatch\Musicmatc
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.
"QuickTime Task"="c:\program files\QuickTime\qttask.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
[HKEY_USERS\.DEFAULT\Softw
"swg"="c:\program files\Google\GoogleToolbar
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
VPN Client.lnk - c:\windows\Installer\{6DC4
[HKLM\~\startupfolder\C:^D
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Koda
backup=c:\windows\pss\Koda
[HKLM\~\startupfolder\C:^D
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODA
backup=c:\windows\pss\KODA
[HKLM\~\startupfolder\C:^D
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Micr
backup=c:\windows\pss\Micr
[HKLM\~\services\sharedacc
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedacc
"%windir%\\system32\\sessm
"c:\\Program Files\\Messenger\\msmsgs.e
"c:\\Program Files\\iTunes\\iTunes.exe"
"c:\\Program Files\\Grisoft\\AVG7\\avga
"c:\\Program Files\\Grisoft\\AVG7\\avge
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.e
R1 drvdrv;drvdrv;c:\program files\drv\drv.sys [7/3/2009 5:33 AM 9344]
S1 wnowuxog;wnowuxog;\??\c:\w
[HKEY_LOCAL_MACHINE\softwa
drv REG_MULTI_SZ drv
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mediacomtoday.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {413D6754-BFD4-47FE-9346-3
.
**************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 00:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Wi
DLCCCATS = rundll32 c:\windows\System32\spool\
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\softwa
"SymbolicLinkValue"=hex(6)
00,5c,00,4d,00,41,00,43,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\shdocl
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\ehome\ehrecvr.e
c:\windows\ehome\ehSched.e
c:\windows\ehome\mcrdsvc.e
c:\windows\system32\dllhos
c:\windows\system32\wscntf
c:\windows\ehome\ehmsas.ex
.
**************************
.
Completion time: 2009-07-07 1:00 - machine was rebooted
ComboFix-quarantined-files
Pre-Run: 62,457,442,304 bytes free
Post-Run: 62,367,428,608 bytes free
926 --- E O F --- 2009-07-07 02:23
Combofix deleted a lot of bad files there!
Run combofix again using this script.
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\windows\567788.bat
C:\tcburi.exe.dat
C:\tcburi.exe
c:\windows\system32\drivers\wnowuxog.sys
Folder::
c:\program files\drv
C:\_828453_
DirLook::
c:\windows\System Volume Information
c:\windows\Fonts\mlog
c:\windows\LMIA.tmp
c:\windows\LMI2C.tmp
Driver::
wnowuxog
drvdrv
drv
Registry::
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
"drv"=-
------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
ASKER
Thanks a bunch rpggamergirl! That worked like a charm. It cleaned up the malware. I've run Spybot a few times and ComboFix again and everything looks clean. Thank you very much!
That said there is still a very odd problem. I cannot access Internet Explorer anymore. This is something that started (among so many other things) when the System Security spyware struck the computer but I cannot undo it. I've gone through the steps to make sure the user has ownership of both the program iexplorer and the folder c:/programfiles/internetexplorer..
I installed Firefox. The problem with Internet Explorer not working is now updates will not work either. I tried to Uninstall explorer and reinstall but when I try installing IE7 or IE8 it gets to the end of the whole install process and says the Update was not successful. Which is what happens when I try to update the system.
Any ideas as to why this one program is still giving trouble? Any way to gain permission to use it?
Oh right, that's the error message, the "Windows can not access the specific device, path, or file. You may not have permission to access the item."
The permissions are set for Full Control for everyone, and the owner is set to the user (it also does the same problem when administrator is owner)
Thanks so much again for the expert advice to solve the Malware issue!
ComboFix 09-07-06.02 - Tom Cosat 07/08/2009 1:52.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.272 [GMT -5:00]
Running from: c:\documents and settings\Tom Cosat\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\9751.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.
2009-07-08 06:35 . 2006-05-25 15:29 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-08 06:20 . 2009-07-08 06:20 -------- d-----w- c:\windows\system32\bits
2009-07-08 06:19 . 2007-03-29 12:56 8192 ------w- c:\windows\system32\dllcache\bitsprx2.dll
2009-07-08 06:19 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\dllcache\bitsprx4.dll
2009-07-08 06:19 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\dllcache\bitsprx3.dll
2009-07-08 06:19 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\bitsprx4.dll
2009-07-08 06:19 . 2007-03-29 12:56 409600 ------w- c:\windows\system32\dllcache\qmgr.dll
2009-07-08 06:19 . 2007-03-29 12:56 18944 ------w- c:\windows\system32\dllcache\qmgrprxy.dll
2009-07-08 05:57 . 2009-07-08 05:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-08 05:30 . 2009-07-08 05:30 -------- d-----w- c:\documents and settings\Tom Cosat\Local Settings\Application Data\Mozilla
2009-07-08 05:20 . 2009-07-08 05:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-07-08 05:07 . 2009-07-08 05:07 -------- d--h--w- c:\windows\PIF
2009-07-08 03:14 . 2009-07-08 03:14 -------- d-----w- c:\program files\VS Revo Group
2009-07-08 00:02 . 2009-07-08 00:03 -------- d-----w- c:\windows\sd_old
2009-07-07 10:15 . 2009-07-07 10:15 -------- d-----w- c:\documents and settings\Tom Cosat\Local Settings\Application Data\WMTools Downloaded Files
2009-07-07 09:54 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2009-07-07 05:55 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-07 05:55 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-07 00:41 . 2009-07-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 00:41 . 2009-07-07 09:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\Tom Cosat\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-04 23:41 . 2009-07-04 23:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-04 17:39 . 2009-07-04 17:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMIA.tmp
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMI9.tmp
2009-07-04 15:48 . 2009-07-04 15:48 -------- d-----w- c:\windows\system32\MpEngineStore
2009-07-04 15:47 . 2009-07-04 15:47 -------- d-----w- C:\2dea2e97758a8ce4bbf4ecf03635
2009-07-04 15:46 . 2009-07-04 15:46 -------- d-----w- c:\windows\LMI8.tmp
2009-07-04 15:44 . 2009-07-04 15:44 -------- d-----w- c:\windows\LMI7.tmp
2009-07-04 15:14 . 2009-07-06 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-04 15:09 . 2009-07-04 15:16 -------- d-----w- c:\windows\LMI2C.tmp
2009-07-03 10:26 . 2009-07-03 10:27 -------- d-sh--w- c:\windows\System Volume Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 06:25 . 2005-12-03 21:04 61928 ----a-w- c:\documents and settings\Tom Cosat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 21:24 . 2005-12-03 18:27 -------- d-----w- c:\program files\Dl_cats
2009-07-04 18:02 . 2005-12-03 21:04 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-04 18:02 . 2005-12-03 21:04 104 --sh--r- c:\windows\system32\3D9C5D6373.sys
2009-07-04 11:24 . 2009-07-03 10:35 4 ---ha-w- c:\windows\Fonts\mlog
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2005-08-16 10:18 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2005-08-16 10:18 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-08-16 10:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-07_05.57.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-09-23 12:28 . 2005-09-23 12:28 5632 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ IIEHost.dl l
+ 2005-09-23 12:28 . 2005-09-23 12:28 8192 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ IEExecRemo te.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 9728 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ IEExec.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28 9216 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ fusion.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 4608 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ dfsvc.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28 8192 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ aspnet_isa pi.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 4608 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ 1033\CvtRe sUI.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 7680 c:\windows\Microsoft.NET\F ramework\S haredReg12 .dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 7680 c:\windows\Microsoft.NET\F ramework\s bscmp20_pe rfcounter. dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 7680 c:\windows\Microsoft.NET\F ramework\s bscmp20_ms corwks.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 7680 c:\windows\Microsoft.NET\F ramework\s bscmp10.dl l
+ 2009-07-08 06:15 . 2009-07-08 06:15 7168 c:\windows\assembly\GAC_MS IL\Microso ft_VsaVb\8 .0.0.0__b0 3f5f7f11d5 0a3a\Micro soft_VsaVb .dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 5632 c:\windows\assembly\GAC_MS IL\Microso ft.VisualC \8.0.0.0__ b03f5f7f11 d50a3a\Mic rosoft.Vis ualC.Dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 5632 c:\windows\assembly\GAC_MS IL\IIEHost \2.0.0.0__ b03f5f7f11 d50a3a\IIE Host.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 8192 c:\windows\assembly\GAC_MS IL\IEExecR emote\2.0. 0.0__b03f5 f7f11d50a3 a\IEExecRe mote.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15 114176 c:\windows\WinSxS\x86_Syst em.Enterpr iseService s_b03f5f7f 11d50a3a_2 .0.0.0_x-w w_7d5f3790 \System.En terpriseSe rvices.Wra pper.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15 258048 c:\windows\WinSxS\x86_Syst em.Enterpr iseService s_b03f5f7f 11d50a3a_2 .0.0.0_x-w w_7d5f3790 \System.En terpriseSe rvices.dll
+ 2005-09-23 03:48 . 2005-09-23 03:48 626688 c:\windows\WinSxS\x86_Micr osoft.VC80 .CRT_1fc8b 3b9a1e18e3 b_8.0.5072 7.42_x-ww_ 0de06acd\m svcr80.dll
+ 2005-09-23 03:48 . 2005-09-23 03:48 548864 c:\windows\WinSxS\x86_Micr osoft.VC80 .CRT_1fc8b 3b9a1e18e3 b_8.0.5072 7.42_x-ww_ 0de06acd\m svcp80.dll
+ 2005-09-23 03:48 . 2005-09-23 03:48 479232 c:\windows\WinSxS\x86_Micr osoft.VC80 .CRT_1fc8b 3b9a1e18e3 b_8.0.5072 7.42_x-ww_ 0de06acd\m svcm80.dll
+ 2009-01-07 23:21 . 2009-01-07 23:21 121856 c:\windows\system32\xmllit e.dll
+ 2005-08-16 10:40 . 2007-03-29 12:56 409600 c:\windows\system32\qmgr.d ll
+ 2007-07-05 22:55 . 2007-07-05 22:55 158192 c:\windows\system32\pxwma. dll
+ 2007-07-05 22:55 . 2007-07-05 22:55 379376 c:\windows\system32\PxWave .dll
+ 2007-07-05 22:55 . 2007-07-05 22:55 186864 c:\windows\system32\PxMas. dll
+ 2008-02-13 22:16 . 2008-02-13 22:16 121328 c:\windows\system32\pxinsi 64.exe
+ 2007-06-07 06:02 . 2007-06-07 06:02 535288 c:\windows\system32\pxdrv. dll
+ 2008-02-13 22:17 . 2008-02-13 22:17 120304 c:\windows\system32\pxcpyi 64.exe
+ 2007-07-05 22:55 . 2007-07-05 22:55 567792 c:\windows\system32\Px.dll
+ 2005-08-16 10:18 . 2009-07-08 06:18 402406 c:\windows\system32\perfh0 09.dat
+ 2008-10-16 19:07 . 2008-10-16 19:07 208744 c:\windows\system32\muweb. dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2 .dll
+ 2005-08-16 10:18 . 2008-02-26 11:59 294912 c:\windows\system32\msctf. dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 150016 c:\windows\system32\mscori er.dll
+ 2005-08-16 10:27 . 2009-07-08 06:23 234368 c:\windows\system32\FNTCAC HE.DAT
+ 2009-07-08 06:19 . 2007-03-29 12:56 409600 c:\windows\system32\bits\q mgr.dll
+ 2009-07-08 00:13 . 2008-07-09 07:38 382840 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\update \updspapi. dll
+ 2009-07-08 00:13 . 2007-11-30 12:39 755576 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\update \update.ex e
+ 2009-07-08 00:13 . 2007-11-30 12:39 231288 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\spunin st.exe
+ 2009-07-08 00:13 . 2009-05-13 05:10 915456 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3QFE \wininet.d ll
+ 2009-07-08 00:13 . 2009-04-30 21:22 246272 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3QFE \ieproxy.d ll
+ 2009-07-08 00:13 . 2009-04-30 21:22 385536 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3QFE \iedkcs32. dll
+ 2009-07-08 00:13 . 2009-04-30 10:47 173056 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3QFE \ie4uinit. exe
+ 2009-07-08 00:13 . 2009-05-13 05:15 915456 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3GDR \wininet.d ll
+ 2009-07-08 00:13 . 2009-04-30 21:22 246272 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3GDR \ieproxy.d ll
+ 2009-07-08 00:13 . 2009-04-30 21:22 385536 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3GDR \iedkcs32. dll
+ 2009-07-08 00:13 . 2009-04-30 11:21 173056 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3GDR \ie4uinit. exe
+ 2009-07-08 00:13 . 2008-07-08 13:02 382840 c:\windows\sd_old\Download \7b5e86592 de99471f7d a9382ca63f fe3\update \updspapi. dll
+ 2009-07-08 00:13 . 2008-07-08 13:02 755576 c:\windows\sd_old\Download \7b5e86592 de99471f7d a9382ca63f fe3\update \update.ex e
+ 2009-07-08 00:13 . 2008-07-08 13:02 231288 c:\windows\sd_old\Download \7b5e86592 de99471f7d a9382ca63f fe3\spunin st.exe
+ 2009-07-08 00:13 . 2009-06-02 08:21 102912 c:\windows\sd_old\Download \7b5e86592 de99471f7d a9382ca63f fe3\SP3QFE \iecompat. dll
+ 2009-07-08 00:13 . 2009-06-02 10:12 102912 c:\windows\sd_old\Download \7b5e86592 de99471f7d a9382ca63f fe3\SP3GDR \iecompat. dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 298496 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ webengine. dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 823296 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Web .Services. dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 835584 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Web .Mobile.dl l
+ 2005-09-23 12:28 . 2005-09-23 12:28 260096 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Tra nsactions. dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 114688 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Ser viceProces s.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 258048 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Sec urity.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 131072 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Run time.Seria lization.F ormatters. Soap.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 299008 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Run time.Remot ing.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 258048 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Mes saging.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 368640 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Man agement.dl l
+ 2005-09-23 12:28 . 2005-09-23 12:28 114176 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Ent erpriseSer vices.Wrap per.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 258048 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Ent erpriseSer vices.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 700416 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Dra wing.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 188416 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Dir ectoryServ ices.Proto cols.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 397312 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Dir ectoryServ ices.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 884736 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Dep loyment.dl l
+ 2005-09-23 12:28 . 2005-09-23 12:28 716800 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Dat a.SqlXml.d ll
+ 2005-09-23 12:28 . 2005-09-23 12:28 482304 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Dat a.OracleCl ient.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 389120 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.con figuration .dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 110592 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ sysglobl.d ll
+ 2005-09-23 12:28 . 2005-09-23 12:28 377344 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ SOS.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 107520 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ shfusion.d ll
+ 2005-09-23 12:28 . 2005-09-23 12:28 136192 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ peverify.d ll
+ 2005-09-23 12:28 . 2005-09-23 12:28 226816 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ mscorsvc.d ll
+ 2005-09-23 12:29 . 2005-09-23 12:29 330752 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ mscorrc.dl l
+ 2005-09-23 12:28 . 2005-09-23 12:28 102400 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ mscorpe.dl l
+ 2005-09-23 12:28 . 2005-09-23 12:28 326144 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ mscorjit.d ll
+ 2005-09-23 12:28 . 2005-09-23 12:28 288768 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ mscordbi.d ll
+ 2005-09-23 12:28 . 2005-09-23 12:28 800768 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ mscordacwk s.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 667648 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ Microsoft. VisualBasi c.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 372736 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ Microsoft. VisualBasi c.Compatib ility.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 110592 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ Microsoft. VisualBasi c.Compatib ility.Data .dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 745472 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ Microsoft. JScript.dl l
+ 2005-09-23 12:28 . 2005-09-23 12:28 647168 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ Microsoft. Build.Task s.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 413696 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ Microsoft. Build.Engi ne.dll
+ 2005-09-23 12:57 . 2005-09-23 12:57 245408 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 12:01 . 2005-09-23 12:01 609472 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28 224952 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ ilasm.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28 788992 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ EventLogMe ssages.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 547840 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ diasymread er.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 106496 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ CasPol.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28 503808 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ AspNetMMCE xt.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 106496 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ aspnet_reg sql.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28 138240 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ AdoNetDiag .dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 208896 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ 1033\Vsavb 7rtUI.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29 183808 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ 1033\vbc7u i.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 136192 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ 1033\cscom pui.dll
+ 2009-07-08 06:11 . 2009-07-08 06:11 301056 c:\windows\Installer\c602. msi
+ 2009-07-08 06:20 . 2009-07-08 06:20 684032 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Tr ansactions \a9dda6265 0c90c4b877 5054149fe7 c3c\System .Transacti ons.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20 729088 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Se curity\d26 00b765323a 344889a69e 12fbc4ce0\ System.Sec urity.ni.d ll
+ 2009-07-08 06:20 . 2009-07-08 06:20 294912 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.En terpriseSe #\f24ab4f8 6a11614798 31b34fc62e 1171\Syste m.Enterpri seServices .Wrapper.d ll
+ 2009-07-08 06:20 . 2009-07-08 06:20 659456 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.En terpriseSe #\f24ab4f8 6a11614798 31b34fc62e 1171\Syste m.Enterpri seServices .ni.dll
+ 2009-07-08 06:17 . 2009-07-08 06:17 229376 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Dr awing.Desi #\54550005 0c541645b3 96ac7ed8fd d4d7\Syste m.Drawing. Design.ni. dll
+ 2009-07-08 06:20 . 2009-07-08 06:20 512000 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Di rectorySer #\495ffd83 325b8741b9 34669e2b63 68ae\Syste m.Director yServices. Protocols. ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20 962560 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Co nfiguratio n\22fa67bf 8980f14ba6 109232a59b 74d0\Syste m.Configur ation.ni.d ll
+ 2009-07-08 06:19 . 2009-07-08 06:19 163840 c:\windows\assembly\Native Images_v2. 0.50727_32 \Microsoft .Build.Uti #\6f8804a4 dd25914399 253ce4d6a8 26a3\Micro soft.Build .Utilities .ni.dll
+ 2009-07-08 06:19 . 2009-07-08 06:19 880640 c:\windows\assembly\Native Images_v2. 0.50727_32 \Microsoft .Build.Eng #\09aca304 62cae54fa0 3219859a0f 89c2\Micro soft.Build .Engine.ni .dll
+ 2009-07-08 06:19 . 2009-07-08 06:19 237568 c:\windows\assembly\Native Images_v2. 0.50727_32 \CustomMar shalers\19 2082f83078 3640807458 28e07397a0 \CustomMar shalers.ni .dll
+ 2009-07-08 06:19 . 2009-07-08 06:19 860160 c:\windows\assembly\Native Images_v2. 0.50727_32 \AspNetMMC Ext\329860 18bb38f749 87637a756e 4509e1\Asp NetMMCExt. ni.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 823296 c:\windows\assembly\GAC_MS IL\System. Web.Servic es\2.0.0.0 __b03f5f7f 11d50a3a\S ystem.Web. Services.d ll
+ 2009-07-08 06:16 . 2009-07-08 06:16 835584 c:\windows\assembly\GAC_MS IL\System. Web.Mobile \2.0.0.0__ b03f5f7f11 d50a3a\Sys tem.Web.Mo bile.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 114688 c:\windows\assembly\GAC_MS IL\System. ServicePro cess\2.0.0 .0__b03f5f 7f11d50a3a \System.Se rviceProce ss.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 258048 c:\windows\assembly\GAC_MS IL\System. Security\2 .0.0.0__b0 3f5f7f11d5 0a3a\Syste m.Security .dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 131072 c:\windows\assembly\GAC_MS IL\System. Runtime.Se rializatio n.Formatte rs.Soap\2. 0.0.0__b03 f5f7f11d50 a3a\System .Runtime.S erializati on.Formatt ers.Soap.d ll
+ 2009-07-08 06:16 . 2009-07-08 06:16 299008 c:\windows\assembly\GAC_MS IL\System. Runtime.Re moting\2.0 .0.0__b77a 5c561934e0 89\System. Runtime.Re moting.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 258048 c:\windows\assembly\GAC_MS IL\System. Messaging\ 2.0.0.0__b 03f5f7f11d 50a3a\Syst em.Messagi ng.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 368640 c:\windows\assembly\GAC_MS IL\System. Management \2.0.0.0__ b03f5f7f11 d50a3a\Sys tem.Manage ment.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 700416 c:\windows\assembly\GAC_MS IL\System. Drawing\2. 0.0.0__b03 f5f7f11d50 a3a\System .Drawing.d ll
+ 2009-07-08 06:16 . 2009-07-08 06:16 397312 c:\windows\assembly\GAC_MS IL\System. DirectoryS ervices\2. 0.0.0__b03 f5f7f11d50 a3a\System .Directory Services.d ll
+ 2009-07-08 06:16 . 2009-07-08 06:16 188416 c:\windows\assembly\GAC_MS IL\System. DirectoryS ervices.Pr otocols\2. 0.0.0__b03 f5f7f11d50 a3a\System .Directory Services.P rotocols.d ll
+ 2009-07-08 06:15 . 2009-07-08 06:15 884736 c:\windows\assembly\GAC_MS IL\System. Deployment \2.0.0.0__ b03f5f7f11 d50a3a\Sys tem.Deploy ment.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 716800 c:\windows\assembly\GAC_MS IL\System. Data.SqlXm l\2.0.0.0_ _b77a5c561 934e089\Sy stem.Data. SqlXml.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 389120 c:\windows\assembly\GAC_MS IL\System. Configurat ion\2.0.0. 0__b03f5f7 f11d50a3a\ System.con figuration .dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 110592 c:\windows\assembly\GAC_MS IL\sysglob l\2.0.0.0_ _b03f5f7f1 1d50a3a\sy sglobl.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 667648 c:\windows\assembly\GAC_MS IL\Microso ft.VisualB asic\8.0.0 .0__b03f5f 7f11d50a3a \Microsoft .VisualBas ic.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 372736 c:\windows\assembly\GAC_MS IL\Microso ft.VisualB asic.Compa tibility\8 .0.0.0__b0 3f5f7f11d5 0a3a\Micro soft.Visua lBasic.Com patibility .dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 110592 c:\windows\assembly\GAC_MS IL\Microso ft.VisualB asic.Compa tibility.D ata\8.0.0. 0__b03f5f7 f11d50a3a\ Microsoft. VisualBasi c.Compatib ility.Data .dll
+ 2009-07-08 06:15 . 2009-07-08 06:15 745472 c:\windows\assembly\GAC_MS IL\Microso ft.JScript \8.0.0.0__ b03f5f7f11 d50a3a\Mic rosoft.JSc ript.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15 647168 c:\windows\assembly\GAC_MS IL\Microso ft.Build.T asks\2.0.0 .0__b03f5f 7f11d50a3a \Microsoft .Build.Tas ks.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15 413696 c:\windows\assembly\GAC_MS IL\Microso ft.Build.E ngine\2.0. 0.0__b03f5 f7f11d50a3 a\Microsof t.Build.En gine.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15 503808 c:\windows\assembly\GAC_MS IL\AspNetM MCExt\2.0. 0.0__b03f5 f7f11d50a3 a\AspNetMM CExt.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 260096 c:\windows\assembly\GAC_32 \System.Tr ansactions \2.0.0.0__ b77a5c5619 34e089\Sys tem.Transa ctions.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15 114176 c:\windows\assembly\GAC_32 \System.En terpriseSe rvices\2.0 .0.0__b03f 5f7f11d50a 3a\System. Enterprise Services.W rapper.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15 258048 c:\windows\assembly\GAC_32 \System.En terpriseSe rvices\2.0 .0.0__b03f 5f7f11d50a 3a\System. Enterprise Services.d ll
+ 2009-07-08 06:16 . 2009-07-08 06:16 482304 c:\windows\assembly\GAC_32 \System.Da ta.OracleC lient\2.0. 0.0__b77a5 c561934e08 9\System.D ata.Oracle Client.dll
+ 2007-07-05 22:55 . 2007-07-05 22:55 1649136 c:\windows\system32\PxSFS. DLL
+ 2008-03-20 23:06 . 2008-03-20 23:06 1480232 c:\windows\system32\LegitC heckContro l.dll
+ 2008-04-25 01:18 . 2008-04-25 01:18 3030568 c:\windows\sd_old\Download \9866fb57a bdc0ea2f5d 4e132d055b a4e\Window sXP-KB9369 29-SP3-Exp ress-x86-E NU.exe
+ 2009-07-08 00:13 . 2009-04-30 21:22 1207808 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3QFE \urlmon.dl l
+ 2009-07-08 00:13 . 2009-05-13 05:10 5936128 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3QFE \mshtml.dl l
+ 2009-07-08 00:13 . 2009-04-30 21:22 1985024 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3QFE \iertutil. dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 1207808 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3GDR \urlmon.dl l
+ 2009-07-08 00:13 . 2009-05-13 05:15 5936128 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3GDR \mshtml.dl l
+ 2009-07-08 00:13 . 2009-04-30 21:22 1985024 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3GDR \iertutil. dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 1306624 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ VsaVb7rt.d ll
+ 2005-09-23 12:29 . 2005-09-23 12:29 1140920 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ vbc.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28 2035712 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.XML .dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 5316608 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Win dows.Forms .dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 5025792 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Web .dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 3018752 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 5050368 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Des ign.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 2878976 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ System.Dat a.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28 5615616 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ mscorwks.d ll
+ 2005-09-23 12:28 . 2005-09-23 12:28 4308992 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ mscorlib.d ll
+ 2005-09-23 12:28 . 2005-09-23 12:28 1144832 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ cscomp.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 2109440 c:\windows\Installer\c618. msi
+ 2009-07-08 06:17 . 2009-07-08 06:17 8093696 c:\windows\assembly\Native Images_v2. 0.50727_32 \System\71 4c48067ee2 22458120d5 8d113003e0 \System.ni .dll
+ 2009-07-08 06:17 . 2009-07-08 06:17 5640192 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Xm l\cdd57b6c 4303dd428e 8bb6c4207d c276\Syste m.Xml.ni.d ll
+ 2009-07-08 06:17 . 2009-07-08 06:17 1626112 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Dr awing\01d3 8bf87e122c 43ab6acef3 5e30e9d6\S ystem.Draw ing.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20 1220608 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Di rectorySer #\a48747ab 5114914c8d 276c436e8b 1598\Syste m.Director yServices. ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20 1716224 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.De ployment\f 3278ee4fa3 29a4b9161c 0faa2b01a2 b\System.D eployment. ni.dll
+ 2009-07-08 06:17 . 2009-07-08 06:17 6688768 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Da ta\a8bed43 3d2cdaa4a8 1b7890318e 93b7e\Syst em.Data.ni .dll
+ 2009-07-08 06:20 . 2009-07-08 06:20 1724416 c:\windows\assembly\Native Images_v2. 0.50727_32 \Microsoft .VisualBas #\bb5a6e1a 3d077c4b9a 640df54a22 b1d7\Micro soft.Visua lBasic.ni. dll
+ 2009-07-08 06:19 . 2009-07-08 06:19 1691648 c:\windows\assembly\Native Images_v2. 0.50727_32 \Microsoft .Build.Tas #\18dfb9f0 3c30e64790 1a30406a91 e6b5\Micro soft.Build .Tasks.ni. dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 3018752 c:\windows\assembly\GAC_MS IL\System\ 2.0.0.0__b 77a5c56193 4e089\Syst em.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 2035712 c:\windows\assembly\GAC_MS IL\System. Xml\2.0.0. 0__b77a5c5 61934e089\ System.XML .dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 5316608 c:\windows\assembly\GAC_MS IL\System. Windows.Fo rms\2.0.0. 0__b77a5c5 61934e089\ System.Win dows.Forms .dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 5050368 c:\windows\assembly\GAC_MS IL\System. Design\2.0 .0.0__b03f 5f7f11d50a 3a\System. Design.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 5025792 c:\windows\assembly\GAC_32 \System.We b\2.0.0.0_ _b03f5f7f1 1d50a3a\Sy stem.Web.d ll
+ 2009-07-08 06:16 . 2009-07-08 06:16 2878976 c:\windows\assembly\GAC_32 \System.Da ta\2.0.0.0 __b77a5c56 1934e089\S ystem.Data .dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 4308992 c:\windows\assembly\GAC_32 \mscorlib\ 2.0.0.0__b 77a5c56193 4e089\msco rlib.dll
+ 2009-07-08 00:19 . 2009-03-24 05:48 16883056 c:\windows\sd_old\Download \Install\I E8-Windows XP-x86-ENU .exe
+ 2009-05-01 20:22 . 2009-05-01 20:22 11064832 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3QFE \ieframe.d ll
+ 2009-07-08 00:13 . 2009-04-30 21:22 11064832 c:\windows\sd_old\Download \97fe76a20 161cb86e78 057600e7c8 2a0\SP3GDR \ieframe.d ll
+ 2005-09-23 12:48 . 2005-09-23 12:48 24863744 c:\windows\Microsoft.NET\F ramework\v 2.0.50727\ Microsoft .NET Framework 2.0\netfx.msi
+ 2009-07-08 06:17 . 2009-07-08 06:17 13107200 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.Wi ndows.Form s\a43252cf c873ed41be 69738ca23e f383\Syste m.Windows. Forms.ni.d ll
+ 2009-07-08 06:20 . 2009-07-08 06:20 11808768 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.We b\1e6c77ee 23f5534597 38fdf1f336 e0b4\Syste m.Web.ni.d ll
+ 2009-07-08 06:18 . 2009-07-08 06:18 10723328 c:\windows\assembly\Native Images_v2. 0.50727_32 \System.De sign\a95f7 f060a1c704 0a5cae4c8e bac256c\Sy stem.Desig n.ni.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16 11415552 c:\windows\assembly\Native Images_v2. 0.50727_32 \mscorlib\ 242754ae15 b34b41a206 4b887bb78b bb\mscorli b.ni.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-10 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2008-11-22 6144]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
FF - ProfilePath - c:\documents and settings\Tom Cosat\Application Data\Mozilla\Firefox\Profiles\7vd1twml.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 01:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2009-07-08 1:59
ComboFix-quarantined-files.txt 2009-07-08 06:59
ComboFix2.txt 2009-07-08 04:47
ComboFix3.txt 2009-07-08 04:40
ComboFix4.txt 2009-07-07 09:20
ComboFix5.txt 2009-07-08 06:51
Pre-Run: 60,646,686,720 bytes free
Post-Run: 60,655,616,000 bytes free
503 --- E O F --- 2009-07-08 06:09
That said, there is still a very odd problem. I can not access Internet Explorer anymore. This is something that started (among so many other things) when the System Security spyware struck the computer but I can not undo it. I've gone through the steps to make sure the user has ownership of both the program iexplorer and the folder c:/programfiles/internetex
I installed Firefox. The problem with Internet Explorer not working is that now updates will not work either. I tried to uninstall Explorer and reinstall, but when I try installing IE7 or IE8 it gets to the end of the whole install process and says the Update was not successful. Which is what happens when I try to update the system.
Any ideas as to why this one program is still giving trouble? Any way to gain permission to use it?
Oh right, that's the error message, the "Windows can not access the specific device, path, or file. You may not have permission to access the item."
The permissions are set for Full Control for everyone, and the owner is set to the user (it also has the same problem when administrator is owner).
Thanks so much again for the expert advice to solve the Malware issue!
ComboFix 09-07-06.02 - Tom Cosat 07/08/2009 1:52.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.
Running from: c:\documents and settings\Tom Cosat\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((
.
c:\windows\Installer\9751.
.
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))
.
2009-07-08 06:35 . 2006-05-25 15:29 22752 ----a-w- c:\windows\system32\spupds
2009-07-08 06:20 . 2009-07-08 06:20 -------- d-----w- c:\windows\system32\bits
2009-07-08 06:19 . 2007-03-29 12:56 8192 ------w- c:\windows\system32\dllcac
2009-07-08 06:19 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\dllcac
2009-07-08 06:19 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\dllcac
2009-07-08 06:19 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\bitspr
2009-07-08 06:19 . 2007-03-29 12:56 409600 ------w- c:\windows\system32\dllcac
2009-07-08 06:19 . 2007-03-29 12:56 18944 ------w- c:\windows\system32\dllcac
2009-07-08 05:57 . 2009-07-08 05:57 -------- d-----w- c:\documents and settings\Administrator\Loc
2009-07-08 05:30 . 2009-07-08 05:30 -------- d-----w- c:\documents and settings\Tom Cosat\Local Settings\Application Data\Mozilla
2009-07-08 05:20 . 2009-07-08 05:20 -------- d-----w- c:\documents and settings\Administrator\Loc
2009-07-08 05:07 . 2009-07-08 05:07 -------- d--h--w- c:\windows\PIF
2009-07-08 03:14 . 2009-07-08 03:14 -------- d-----w- c:\program files\VS Revo Group
2009-07-08 00:02 . 2009-07-08 00:03 -------- d-----w- c:\windows\sd_old
2009-07-07 10:15 . 2009-07-07 10:15 -------- d-----w- c:\documents and settings\Tom Cosat\Local Settings\Application Data\WMTools Downloaded Files
2009-07-07 09:54 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcac
2009-07-07 05:55 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\proquo
2009-07-07 05:55 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\dllcac
2009-07-07 00:41 . 2009-07-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 00:41 . 2009-07-07 09:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\Tom Cosat\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-04 23:41 . 2009-07-04 23:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-04 17:39 . 2009-07-04 17:40 -------- d-----w- c:\documents and settings\LocalService\Loca
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMIA.tmp
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMI9.tmp
2009-07-04 15:48 . 2009-07-04 15:48 -------- d-----w- c:\windows\system32\MpEngi
2009-07-04 15:47 . 2009-07-04 15:47 -------- d-----w- C:\2dea2e97758a8ce4bbf4ecf
2009-07-04 15:46 . 2009-07-04 15:46 -------- d-----w- c:\windows\LMI8.tmp
2009-07-04 15:44 . 2009-07-04 15:44 -------- d-----w- c:\windows\LMI7.tmp
2009-07-04 15:14 . 2009-07-06 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-04 15:09 . 2009-07-04 15:16 -------- d-----w- c:\windows\LMI2C.tmp
2009-07-03 10:26 . 2009-07-03 10:27 -------- d-sh--w- c:\windows\System Volume Information
.
((((((((((((((((((((((((((
.
2009-07-08 06:25 . 2005-12-03 21:04 61928 ----a-w- c:\documents and settings\Tom Cosat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 21:24 . 2005-12-03 18:27 -------- d-----w- c:\program files\Dl_cats
2009-07-04 18:02 . 2005-12-03 21:04 4184 --sha-w- c:\windows\system32\KGyGaA
2009-07-04 18:02 . 2005-12-03 21:04 104 --sh--r- c:\windows\system32\3D9C5D
2009-07-04 11:24 . 2009-07-03 10:35 4 ---ha-w- c:\windows\Fonts\mlog
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\locals
2009-04-29 04:31 . 2005-08-16 10:18 668160 ----a-w- c:\windows\system32\winine
2009-04-29 04:31 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieenco
2009-04-17 09:58 . 2005-08-16 10:18 1846656 ----a-w- c:\windows\system32\win32k
2009-04-15 15:11 . 2005-08-16 10:18 584192 ----a-w- c:\windows\system32\rpcrt4
.
((((((((((((((((((((((((((
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWAR
"MSMSGS"="c:\program files\Messenger\msmsgs.exe
"swg"="c:\program files\Google\GoogleToolbar
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWA
"ehTray"="c:\windows\ehome
"DLCCCATS"="c:\windows\Sys
"MMTray"="c:\program files\Musicmatch\Musicmatc
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.
"QuickTime Task"="c:\program files\QuickTime\qttask.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\Update
[HKEY_USERS\.DEFAULT\Softw
"swg"="c:\program files\Google\GoogleToolbar
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
VPN Client.lnk - c:\windows\Installer\{6DC4
[HKEY_LOCAL_MACHINE\SYSTEM
@=""
[HKLM\~\startupfolder\C:^D
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Koda
backup=c:\windows\pss\Koda
[HKLM\~\startupfolder\C:^D
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODA
backup=c:\windows\pss\KODA
[HKLM\~\startupfolder\C:^D
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Micr
backup=c:\windows\pss\Micr
[HKLM\~\services\sharedacc
"%windir%\\system32\\sessm
"c:\\Program Files\\Messenger\\msmsgs.e
"c:\\Program Files\\iTunes\\iTunes.exe"
"c:\\Program Files\\Grisoft\\AVG7\\avga
"c:\\Program Files\\Grisoft\\AVG7\\avge
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.e
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {413D6754-BFD4-47FE-9346-3
FF - ProfilePath - c:\documents and settings\Tom Cosat\Application Data\Mozilla\Firefox\Profi
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_s
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled",
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabl
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autoc
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.ma
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixels
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_sing
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_scrip
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuff
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-
c:\program files\Mozilla Firefox\defaults\pref\fire
.
**************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 01:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Wi
DLCCCATS = rundll32 c:\windows\System32\spool\
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\softwa
"SymbolicLinkValue"=hex(6)
00,5c,00,4d,00,41,00,43,00
.
Completion time: 2009-07-08 1:59
ComboFix-quarantined-files
ComboFix2.txt 2009-07-08 04:47
ComboFix3.txt 2009-07-08 04:40
ComboFix4.txt 2009-07-07 09:20
ComboFix5.txt 2009-07-08 06:51
Pre-Run: 60,646,686,720 bytes free
Post-Run: 60,655,616,000 bytes free
503 --- E O F --- 2009-07-08 06:09
ASKER
O.K. I just ran Dr Web Cureit and it did find a few more things that it cleaned up..
And here is the 2nd log file...
I can't thank you enough for this help!
ComboFix 09-07-06.02 - Tom Cosat 07/07/2009 23:42.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.253 [GMT -5:00]
Running from: c:\documents and settings\Tom Cosat\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.
2009-07-08 03:14 . 2009-07-08 03:14 -------- d-----w- c:\program files\VS Revo Group
2009-07-08 00:02 . 2009-07-08 00:03 -------- d-----w- c:\windows\sd_old
2009-07-07 10:15 . 2009-07-07 10:15 -------- d-----w- c:\documents and settings\Tom Cosat\Local Settings\Application Data\WMTools Downloaded Files
2009-07-07 09:54 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2009-07-07 05:55 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-07 05:55 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-07 00:41 . 2009-07-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 00:41 . 2009-07-07 09:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\Tom Cosat\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 21:13 . 2009-07-06 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 23:41 . 2009-07-04 23:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-04 17:39 . 2009-07-04 17:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMIA.tmp
2009-07-04 16:09 . 2009-07-04 16:09 -------- d-----w- c:\windows\LMI9.tmp
2009-07-04 15:48 . 2009-07-04 15:48 -------- d-----w- c:\windows\system32\MpEngineStore
2009-07-04 15:47 . 2009-07-04 15:47 -------- d-----w- C:\2dea2e97758a8ce4bbf4ecf03635
2009-07-04 15:46 . 2009-07-04 15:46 -------- d-----w- c:\windows\LMI8.tmp
2009-07-04 15:44 . 2009-07-04 15:44 -------- d-----w- c:\windows\LMI7.tmp
2009-07-04 15:14 . 2009-07-06 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-04 15:09 . 2009-07-04 15:16 -------- d-----w- c:\windows\LMI2C.tmp
2009-07-03 10:26 . 2009-07-03 10:27 -------- d-sh--w- c:\windows\System Volume Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 21:24 . 2005-12-03 18:27 -------- d-----w- c:\program files\Dl_cats
2009-07-04 18:02 . 2005-12-03 21:04 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-04 18:02 . 2005-12-03 21:04 104 --sh--r- c:\windows\system32\3D9C5D6373.sys
2009-07-04 11:24 . 2009-07-03 10:35 4 ---h--w- c:\windows\Fonts\mlog
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2005-08-16 10:18 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2005-08-16 10:18 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-08-16 10:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-07_05.57.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-17 03:06 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvcOLD.exe
+ 2005-08-16 10:18 . 2009-07-07 09:11 53436 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2009-07-07 05:48 53436 c:\windows\system32\perfc009.dat
+ 2009-01-07 23:20 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
+ 2009-03-08 09:32 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2009-01-07 23:20 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
+ 2009-07-08 00:13 . 2007-11-30 12:39 26488 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\update\spcustom.dll
+ 2009-07-08 00:13 . 2007-11-30 12:39 17272 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\spmsg.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 12800 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\xpshims.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 25600 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\jsproxy.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 12800 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\xpshims.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 25600 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\jsproxy.dll
+ 2009-07-08 00:13 . 2008-07-08 13:02 26488 c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\update\spcustom.dll
+ 2009-07-08 00:13 . 2008-07-08 13:02 17272 c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\spmsg.dll
+ 2009-01-07 23:21 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
+ 2005-08-16 10:18 . 2009-07-07 09:11 381692 c:\windows\system32\perfh009.dat
- 2005-08-16 10:18 . 2009-07-07 05:48 381692 c:\windows\system32\perfh009.dat
+ 2008-10-16 19:07 . 2008-10-16 19:07 208744 c:\windows\system32\muweb.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2005-08-16 10:18 . 2008-02-26 11:59 294912 c:\windows\system32\msctf.dll
+ 2009-07-08 00:13 . 2008-07-09 07:38 382840 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\update\updspapi.dll
+ 2009-07-08 00:13 . 2007-11-30 12:39 755576 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe
+ 2009-07-08 00:13 . 2007-11-30 12:39 231288 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\spuninst.exe
+ 2009-07-08 00:13 . 2009-05-13 05:10 915456 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 246272 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\ieproxy.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 385536 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\iedkcs32.dll
+ 2009-07-08 00:13 . 2009-04-30 10:47 173056 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\ie4uinit.exe
+ 2009-07-08 00:13 . 2009-05-13 05:15 915456 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 246272 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\ieproxy.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 385536 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\iedkcs32.dll
+ 2009-07-08 00:13 . 2009-04-30 11:21 173056 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\ie4uinit.exe
+ 2009-07-08 00:13 . 2008-07-08 13:02 382840 c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\update\updspapi.dll
+ 2009-07-08 00:13 . 2008-07-08 13:02 755576 c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\update\update.exe
+ 2009-07-08 00:13 . 2008-07-08 13:02 231288 c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\spuninst.exe
+ 2009-07-08 00:13 . 2009-06-02 08:21 102912 c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\SP3QFE\iecompat.dll
+ 2009-07-08 00:13 . 2009-06-02 10:12 102912 c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\SP3GDR\iecompat.dll
+ 2008-03-20 23:06 . 2008-03-20 23:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2008-04-25 01:18 . 2008-04-25 01:18 3030568 c:\windows\sd_old\Download\9866fb57abdc0ea2f5d4e132d055ba4e\WindowsXP-KB936929-SP3-Express-x86-ENU.exe
+ 2009-07-08 00:13 . 2009-04-30 21:22 1207808 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\urlmon.dll
+ 2009-07-08 00:13 . 2009-05-13 05:10 5936128 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 1985024 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\iertutil.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 1207808 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\urlmon.dll
+ 2009-07-08 00:13 . 2009-05-13 05:15 5936128 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 1985024 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\iertutil.dll
+ 2009-07-08 00:19 . 2009-03-24 05:48 16883056 c:\windows\sd_old\Download\Install\IE8-WindowsXP-x86-ENU.exe
+ 2009-05-01 20:22 . 2009-05-01 20:22 11064832 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\ieframe.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22 11064832 c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\ieframe.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-10 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2008-11-22 6144]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 23:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2009-07-08 23:47
ComboFix-quarantined-files.txt 2009-07-08 04:47
ComboFix2.txt 2009-07-08 04:40
ComboFix3.txt 2009-07-07 09:20
ComboFix4.txt 2009-07-07 08:50
ComboFix5.txt 2009-07-08 04:42
Pre-Run: 61,622,697,984 bytes free
Post-Run: 61,608,017,920 bytes free
172
I would go ahead and try a repair by booting from the Windows CD; after it runs, go ahead and do a Microsoft update - hopefully it works.
ASKER
Very helpful and nice person. Thanks SO much for the time and help. It's users like her that are why I continue to be a member.
I'm so sorry to have missed posting back here.
The CFscript still wasn't run but I'm glad to know that DrWebCureIt found and removed some threats.
Please uninstall Combofix, especially since it's now more than 2 months old. Combofix is updated quite often and there have been a few updates since then.
To uninstall Combofix:
Go to Start > Run and 'copy and paste' the next command in the field:
ComboFix /u
Thank you for using Experts-Exchange!
We came across this many times, so don't waste your time and effort trying to repair this PC. I truly recommend you backup the critical files on the hard drive and do a complete Dell system restore. This way, you know the virus\spyware is completely removed.
If you are lucky, some Dell models have the Control + F11 system restore feature.
http://www.ehow.com/how_2184092_perform-dell-system-restore.html