Help!

Google Hijack

 
  

gawilson01



Joined: Jun 29, 2009
Posts: 13



PostPosted: Mon Jun 29, 2009 5:14 pm    Post subject: Google Hijack

Hi,
I think I have a browser hijacker. When I click on websites I have found through Google it reroutes me to places I don't want to be. I downloaded and ran hijackthis and will post my file below. I also downloaded and ran Ad-Aware and Malwarebytes but it is still doing it so I really need your help...
Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:50 PM, on 6/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_U...mp;c=Q4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\os3adpj0g.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9580 bytes
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Mon Jun 29, 2009 7:14 pm    Post subject:

Welcome to Lockergnome.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKCU\..\Run: [] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\os3adpj0g.exe

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
Back to top
AIM Address Yahoo Messenger
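A triage sketch for the `O4` autorun lines of a HijackThis log like the one posted above, added here as an example; it is not part of the original thread and not HijackThis's own logic. The two heuristics (empty value name, target under a Temp directory) and the names `parse_o4`, `exe_path`, `in_temp_dir` and `triage` are assumptions made for this example; the sample lines are copied from the posted log.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\os3adpj0g.exe
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


class RunEntry(NamedTuple):
    hive: str     # e.g. "HKLM" or "HKCU"
    key: str      # e.g. "Run"
    name: str     # registry value name; may be empty
    command: str  # command line exactly as logged


# Layout of a registry autorun line: O4 - <hive>\..\<key>: [<name>] <command>
O4_RUN = re.compile(r"^O4 - (.+?)\\\.\.\\([^:]+): \[(.*?)\] (.+)$")

# Unquoted commands: the path ends at the first executable extension that is
# followed by whitespace or end of line (so "McAfee.com\Agent" is not cut short).
UNQUOTED_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse a registry-based O4 line; return None for anything else.

    Startup-folder lines ("O4 - Startup: ...") carry only a file name,
    so they are skipped here rather than guessed at.
    """
    m = O4_RUN.match(line)
    return RunEntry(*m.groups()) if m else None


def exe_path(command: str) -> str:
    """Strip arguments from a logged command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = UNQUOTED_EXE.match(command)
    return m.group(1) if m else command


def in_temp_dir(path: str) -> bool:
    """True if any directory component of the path is Temp or Tmp."""
    dirs = path.lower().split("\\")[:-1]
    return "temp" in dirs or "tmp" in dirs


def triage(log_text: str) -> List[Tuple[RunEntry, List[str]]]:
    """Return the O4 entries that match at least one heuristic.

    Heuristics (assumptions of this example, meant to prioritise review,
    not to decide what to delete):
      * the Run value has no name
      * the executable lives under a Temp directory
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        reasons = []
        if entry.name.strip() == "":
            reasons.append("empty value name")
        if in_temp_dir(exe_path(entry.command)):
            reasons.append("target is in a Temp directory")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] {exe_path(entry.command)}")
        for reason in reasons:
            print(f"  - {reason}")
```

On the sample lines the only entry returned is the one greyknight17 asked to have fixed.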
gawilson01



Joined: Jun 29, 2009
Posts: 13



PostPosted: Mon Jun 29, 2009 8:15 pm    Post subject: Anti virus

I am running the AVG anti virus program and it shows several trojans (It has been scanning for over 2 hours). Should I wait until that is done and has them quarantined before doing the things you mentioned above?
gawilson01



Joined: Jun 29, 2009
Posts: 13



PostPosted: Mon Jun 29, 2009 10:31 pm    Post subject: Combo Fix Log File

Here is the log as requested. Please let me know if there is anything else I need to do.
Thanks

ComboFix 09-06-29.02 - Compaq_Administrator 06/29/2009 19:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.453 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\sys
c:\windows\system32\drivers\SKYNETovnrjiyc.sys
c:\windows\system32\SKYNETblxrmepl.dll
c:\windows\system32\SKYNEThtkioasr.dat
c:\windows\system32\SKYNETnvmqwuwb.dll
c:\windows\system32\SKYNETqqhwgkvx.dat
D:\Autorun.inf
D:\Desktop.ini

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETscijpwyd
-------\Legacy_SYS
-------\Legacy_SYSDRV


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-29 22:36 . 2009-06-30 00:39 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-29 22:14 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-29 22:12 . 2009-06-29 22:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 22:12 . 2009-06-29 22:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-29 22:12 . 2009-06-29 22:12 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 22:12 . 2009-06-29 22:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 22:12 . 2009-06-29 22:14 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-29 22:12 . 2009-06-30 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-29 22:11 . 2009-06-29 22:11 -------- d-----w- c:\program files\AVG
2009-06-29 22:11 . 2009-06-29 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-29 22:03 . 2009-06-29 22:04 -------- d-----w- c:\documents and settings\Compaq_Administrator\.housecall6.6
2009-06-29 20:42 . 2009-06-29 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-29 18:47 . 2009-06-29 18:47 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 18:46 . 2009-06-29 18:46 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-29 18:46 . 2009-06-29 18:46 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-29 18:46 . 2009-06-29 18:46 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 18:45 . 2009-06-29 18:45 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 18:44 . 2009-06-29 18:44 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 18:39 . 2009-06-29 18:39 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 18:38 . 2009-06-29 18:38 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 18:37 . 2009-06-29 18:37 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 18:37 . 2009-06-29 18:37 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 18:36 . 2009-06-29 18:36 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 18:34 . 2009-06-29 18:34 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 18:33 . 2009-06-29 18:33 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 18:32 . 2009-06-29 18:32 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 17:02 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 16:50 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 16:48 . 2009-06-26 16:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 16:48 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 16:48 . 2009-06-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-26 16:48 . 2009-06-26 16:48 -------- d-----w- c:\program files\Lavasoft
2009-06-26 16:13 . 2009-06-26 16:13 -------- d-----w- c:\program files\Trend Micro
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-06-25 23:50 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 23:50 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 20:15 . 2009-06-25 20:15 -------- d-sh--w- c:\windows\System Volume Information
2009-06-24 22:58 . 2009-06-24 22:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-23 14:51 . 2009-06-25 23:57 -------- d-----w- C:\ProgramData
2009-06-23 14:51 . 2009-06-23 16:52 -------- d-----w- c:\program files\Angle Interactive
2009-06-16 04:10 . 2009-06-16 04:10 -------- d-----w- C:\Majestic Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 20:28 . 2009-05-05 22:34 -------- d-----w- c:\program files\Coupons
2009-06-25 20:25 . 2008-11-25 01:14 -------- d-----w- c:\program files\NOS
2009-06-25 20:25 . 2008-11-25 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-25 20:22 . 2005-08-14 22:57 -------- d-----w- c:\program files\Common Files\Intuit
2009-06-25 20:22 . 2005-08-14 22:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-25 20:21 . 2005-08-14 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 20:20 . 2005-12-20 01:41 -------- d-----w- c:\program files\Common Files\AOL
2009-06-23 20:49 . 2005-12-08 05:46 29348 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2009-06-22 16:37 . 2005-12-20 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-13 16:04 . 2008-09-19 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-02 00:10 . 2008-08-04 01:43 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\RCP 5
2009-05-20 13:54 . 2009-05-20 13:54 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-19 08:35 . 2009-06-22 16:37 120368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\aoldlmgr.exe
2009-05-07 15:44 . 2004-08-10 19:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2004-08-10 19:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-10 19:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 18:19 . 2006-06-15 00:57 256768 ----a-w- c:\windows\system32\unicows.dll
2009-04-17 09:58 . 2004-08-10 19:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 19:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2005-12-06 07:52 . 2005-12-06 07:53 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-12-3 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 22:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sys

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/26/2009 9:50 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/29/2009 3:12 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/29/2009 3:12 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 3:11 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 951632]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 11:44 PM 24652]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 12:27 PM 558592]
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-13 20:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-13 20:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 19:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1281164360-1210841216-1824371548-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A46A6CD-48DD-C990-FFBF-9494B5E0B9C7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eajjangcmh"=hex:66,61,64,6a,6d,63,62,6b,69,66,69,62,00,31
"dakjbmcl"=hex:64,62,66,6d,6b,65,61,63,70,66,65,6c,6c,70,62,61,6c,63,61,6c,63,
6f,64,6c,65,67,64,66,6b,63,61,69,67,6e,61,6c,6d,62,70,6b,00,00
"iabmifgagogimegnmj"=hex:69,61,63,6e,68,6e,67,67,6c,62,62,68,6f,6a,67,64,70,68,
00,00
"hallkdeeagmhobla"=hex:69,61,6d,6e,66,6d,67,6a,68,61,62,70,62,61,69,68,63,68,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Dell AIO Printer A960\dlbfbmon.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-30 19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 02:33

Pre-Run: 206,316,756,992 bytes free
Post-Run: 206,509,678,592 bytes free

238 --- E O F --- 2009-06-14 16:10
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Thu Jul 02, 2009 1:30 pm    Post subject:

Uninstall Viewpoint via the Add/Remove Programs unless you use it. It's usually bundled with AOL/AIM software.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
RegLockDel::
[HKEY_USERS\S-1-5-21-1281164360-1210841216-1824371548-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A46A6CD-48DD-C990-FFBF-9494B5E0B9C7}*]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Any improvements so far?
gawilson01



Joined: Jun 29, 2009
Posts: 13



PostPosted: Thu Jul 02, 2009 10:16 pm    Post subject: Combofix log # 2

Hi,
Thanks for your help so far. It does seem as if things are improving. My browser doesn't appear to be getting hijacked anymore but my comp probably still has other problems so any help is appreciated.
Here is the second log as requested:
ComboFix 09-07-02.02 - Compaq_Administrator 07/02/2009 19:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.592 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\2325ae.msp
c:\windows\Installer\55701.msi
c:\windows\Installer\650544.msp
c:\windows\Installer\650547.msp
c:\windows\Installer\a9b966.msp

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-01 15:27 . 2009-06-29 22:11 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-30 02:50 . 2009-06-30 02:50 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-30 02:46 . 2009-06-30 02:46 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-30 02:45 . 2009-06-30 02:45 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-30 02:44 . 2009-06-30 02:44 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 02:44 . 2009-06-30 02:44 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-29 22:36 . 2009-06-30 21:17 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-29 22:14 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-29 22:12 . 2009-06-29 22:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 22:12 . 2009-06-29 22:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-29 22:12 . 2009-06-29 22:12 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 22:12 . 2009-06-29 22:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 22:12 . 2009-07-03 01:21 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-29 22:12 . 2009-06-30 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-29 22:11 . 2009-06-29 22:11 -------- d-----w- c:\program files\AVG
2009-06-29 22:11 . 2009-06-29 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-29 22:03 . 2009-06-29 22:04 -------- d-----w- c:\documents and settings\Compaq_Administrator\.housecall6.6
2009-06-29 20:42 . 2009-06-29 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-29 18:47 . 2009-06-29 18:47 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 18:46 . 2009-06-29 18:46 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-29 18:46 . 2009-06-29 18:46 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-29 18:46 . 2009-06-29 18:46 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 18:45 . 2009-06-29 18:45 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 18:44 . 2009-06-29 18:44 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 18:39 . 2009-06-29 18:39 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 18:38 . 2009-06-29 18:38 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 18:37 . 2009-06-29 18:37 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 18:37 . 2009-06-29 18:37 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 18:36 . 2009-06-29 18:36 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 18:34 . 2009-06-29 18:34 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 18:33 . 2009-06-29 18:33 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 18:32 . 2009-06-29 18:32 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 17:02 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 16:50 . 2009-06-30 02:45 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 16:48 . 2009-06-26 16:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 16:48 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 16:48 . 2009-06-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-26 16:48 . 2009-06-26 16:48 -------- d-----w- c:\program files\Lavasoft
2009-06-26 16:13 . 2009-06-26 16:13 -------- d-----w- c:\program files\Trend Micro
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-06-25 23:50 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 23:50 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 20:15 . 2009-06-25 20:15 -------- d-sh--w- c:\windows\System Volume Information
2009-06-24 22:58 . 2009-06-24 22:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-23 14:51 . 2009-06-25 23:57 -------- d-----w- C:\ProgramData
2009-06-23 14:51 . 2009-06-23 16:52 -------- d-----w- c:\program files\Angle Interactive
2009-06-16 04:10 . 2009-06-16 04:10 -------- d-----w- C:\Majestic Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 01:48 . 2005-12-20 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-01 18:14 . 2005-12-08 05:46 29348 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2009-06-25 20:28 . 2009-05-05 22:34 -------- d-----w- c:\program files\Coupons
2009-06-25 20:25 . 2008-11-25 01:14 -------- d-----w- c:\program files\NOS
2009-06-25 20:25 . 2008-11-25 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-25 20:22 . 2005-08-14 22:57 -------- d-----w- c:\program files\Common Files\Intuit
2009-06-25 20:22 . 2005-08-14 22:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-25 20:21 . 2005-08-14 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 20:20 . 2005-12-20 01:41 -------- d-----w- c:\program files\Common Files\AOL
2009-06-22 16:37 . 2005-12-20 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-13 16:04 . 2008-09-19 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-02 00:10 . 2008-08-04 01:43 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\RCP 5
2009-05-20 13:54 . 2009-05-20 13:54 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-19 08:35 . 2009-06-22 16:37 120368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\aoldlmgr.exe
2009-05-07 15:44 . 2004-08-10 19:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2004-08-10 19:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-10 19:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 18:19 . 2006-06-15 00:57 256768 ----a-w- c:\windows\system32\unicows.dll
2009-04-17 09:58 . 2004-08-10 19:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 19:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2005-12-06 07:52 . 2005-12-06 07:53 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot DeleteThis @2009-06-30_02.25.53 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-12-3 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 22:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sys

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/26/2009 9:50 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/29/2009 3:12 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/29/2009 3:12 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 3:11 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 12:27 PM 558592]
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:44]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-13 20:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-13 20:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 19:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1281164360-1210841216-1824371548-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A46A6CD-48DD-C990-FFBF-9494B5E0B9C7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eajjangcmh"=hex:66,61,64,6a,6d,63,62,6b,69,66,69,62,00,31
"dakjbmcl"=hex:64,62,66,6d,6b,65,61,63,70,66,65,6c,6c,70,62,61,6c,63,61,6c,63,
6f,64,6c,65,67,64,66,6b,63,61,69,67,6e,61,6c,6d,62,70,6b,00,00
"iabmifgagogimegnmj"=hex:69,61,63,6e,68,6e,67,67,6c,62,62,68,6f,6a,67,64,70,68,
00,00
"hallkdeeagmhobla"=hex:69,61,6d,6e,66,6d,67,6a,68,61,62,70,62,61,69,68,63,68,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Dell AIO Printer A960\dlbfbmon.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-03 19:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 02:16
ComboFix2.txt 2009-06-30 02:34

Pre-Run: 206,057,717,760 bytes free
Post-Run: 206,285,778,944 bytes free

390 --- E O F --- 2009-06-14 16:10

Thanks again!
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Fri Jul 03, 2009 11:46 am    Post subject:

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint
Regnull::
[HKEY_USERS\S-1-5-21-1281164360-1210841216-1824371548-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A46A6CD-48DD-C990-FFBF-9494B5E0B9C7}*]
RegLockDel::
[HKEY_USERS\S-1-5-21-1281164360-1210841216-1824371548-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A46A6CD-48DD-C990-FFBF-9494B5E0B9C7}*]

Registry::
[-HKEY_USERS\S-1-5-21-1281164360-1210841216-1824371548-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A46A6CD-48DD-C990-FFBF-9494B5E0B9C7}*]
Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Otherwise, it will auto-close after it's done.
gawilson01



Joined: Jun 29, 2009
Posts: 13



PostPosted: Fri Jul 03, 2009 6:37 pm    Post subject: Combofix log # 3

In your above post it seemed as if the line under the quote box was probably supposed to be included, so I pasted it into Notepad as well. If that was incorrect I am sorry and will redo it...just let me know.
Also, I did the scan as requested and it is asking me to insert my Windows XP Professional CD2 to copy files to the DLL Cache, but I don't have XP Professional; I have XP Home. Not sure what I should do...please advise!

ComboFix 09-07-03.03 - Compaq_Administrator 07/03/2009 14:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.518 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-01 15:27 . 2009-06-29 22:11 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-30 02:50 . 2009-06-30 02:50 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-30 02:46 . 2009-06-30 02:46 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-30 02:45 . 2009-06-30 02:45 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-30 02:44 . 2009-06-30 02:44 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 02:44 . 2009-06-30 02:44 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-29 22:36 . 2009-06-30 21:17 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-29 22:14 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-29 22:12 . 2009-06-29 22:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 22:12 . 2009-06-29 22:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-29 22:12 . 2009-06-29 22:12 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 22:12 . 2009-06-29 22:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 22:12 . 2009-07-03 16:57 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-29 22:12 . 2009-06-30 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-29 22:11 . 2009-06-29 22:11 -------- d-----w- c:\program files\AVG
2009-06-29 22:11 . 2009-06-29 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-29 22:03 . 2009-06-29 22:04 -------- d-----w- c:\documents and settings\Compaq_Administrator\.housecall6.6
2009-06-29 20:42 . 2009-06-29 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-29 18:47 . 2009-06-29 18:47 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 18:46 . 2009-06-29 18:46 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-29 18:46 . 2009-06-29 18:46 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-29 18:46 . 2009-06-29 18:46 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 18:45 . 2009-06-29 18:45 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 18:44 . 2009-06-29 18:44 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 18:39 . 2009-06-29 18:39 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 18:38 . 2009-06-29 18:38 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 18:37 . 2009-06-29 18:37 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 18:37 . 2009-06-29 18:37 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 18:36 . 2009-06-29 18:36 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 18:34 . 2009-06-29 18:34 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 18:33 . 2009-06-29 18:33 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 18:32 . 2009-06-29 18:32 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 17:02 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 16:50 . 2009-06-30 02:45 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 16:48 . 2009-06-26 16:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 16:48 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 16:48 . 2009-06-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-26 16:48 . 2009-06-26 16:48 -------- d-----w- c:\program files\Lavasoft
2009-06-26 16:13 . 2009-06-26 16:13 -------- d-----w- c:\program files\Trend Micro
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-06-25 23:50 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 23:50 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 20:15 . 2009-06-25 20:15 -------- d-sh--w- c:\windows\System Volume Information
2009-06-24 22:58 . 2009-06-24 22:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-23 14:51 . 2009-06-25 23:57 -------- d-----w- C:\ProgramData
2009-06-23 14:51 . 2009-06-23 16:52 -------- d-----w- c:\program files\Angle Interactive
2009-06-16 04:10 . 2009-06-16 04:10 -------- d-----w- C:\Majestic Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 18:14 . 2005-12-08 05:46 29348 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2009-06-25 20:28 . 2009-05-05 22:34 -------- d-----w- c:\program files\Coupons
2009-06-25 20:25 . 2008-11-25 01:14 -------- d-----w- c:\program files\NOS
2009-06-25 20:25 . 2008-11-25 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-25 20:22 . 2005-08-14 22:57 -------- d-----w- c:\program files\Common Files\Intuit
2009-06-25 20:22 . 2005-08-14 22:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-25 20:21 . 2005-08-14 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 20:20 . 2005-12-20 01:41 -------- d-----w- c:\program files\Common Files\AOL
2009-06-22 16:37 . 2005-12-20 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-13 16:04 . 2008-09-19 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-02 00:10 . 2008-08-04 01:43 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\RCP 5
2009-05-20 13:54 . 2009-05-20 13:54 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-19 08:35 . 2009-06-22 16:37 120368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\aoldlmgr.exe
2009-05-07 15:44 . 2004-08-10 19:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2004-08-10 19:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-10 19:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 18:19 . 2006-06-15 00:57 256768 ----a-w- c:\windows\system32\unicows.dll
2009-04-17 09:58 . 2004-08-10 19:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 19:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2005-12-06 07:52 . 2005-12-06 07:53 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-03_02.12.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-11-17 03:21 . 2009-07-03 21:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-11-17 03:21 . 2009-07-02 22:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-11-17 03:21 . 2009-07-03 21:28 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-11-17 03:21 . 2009-07-02 22:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-12-3 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 22:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sys

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/26/2009 9:50 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/29/2009 3:12 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/29/2009 3:12 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 3:11 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [11/30/2007 12:27 PM 558592]
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:44]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-13 20:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-09-13 20:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN...&c=
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 14:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-03 14:35
ComboFix-quarantined-files.txt 2009-07-03 21:34
ComboFix2.txt 2009-07-03 02:18
ComboFix3.txt 2009-06-30 02:34

Pre-Run: 206,274,277,376 bytes free
Post-Run: 206,262,665,216 bytes free

190 --- E O F --- 2009-06-14 16:10
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Sat Jul 04, 2009 11:48 am    Post subject:

The tools you used say that it's also Windows XP Pro. You have XP Pro there for sure since Windows detected it as being that as well. You will need the disc to repair one of those files.

How is everything running so far?
gawilson01



Joined: Jun 29, 2009
Posts: 13



PostPosted: Sat Jul 04, 2009 2:12 pm    Post subject: Windows

Thanks. I will try to see if I have the disc around here somewhere. I looked yesterday but I think they got moved. If I can't find it, is there any other way to do it?
It seems like the computer is running better, but as I said, I think there are probably some issues still in the background. I will re-run the Windows scan as soon as I find the disc and let you know how it goes. What did the new log tell you? Is there anything else I should do?
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Sun Jul 05, 2009 11:31 am    Post subject:

You will need to get this file:

c:\windows\system32\proquota.exe

From another computer and copy it to the system32 folder. It's preferable also that the other computer is running XP Pro with the same service pack version just to be on the safe side.

Log looks ok other than that missing file.
gawilson01



Joined: Jun 29, 2009
Posts: 13



PostPosted: Sun Jul 05, 2009 1:18 pm    Post subject: Proquota.exe

I ran a scan of AVG anti-virus and it removed this file. I will go into my log for AVG and see if I can restore it.

I have another question for you and if this is not something you deal with perhaps you can point me in the right direction...
I bought a new laptop and it has Windows Vista with Works 2007. I believe the home computer has XP with Works 2003. When I try to email myself a document so that I can have it on the laptop it will not allow me to open it from my email. I get an error message. I can save it and then open it but it will not let me open it straight from my email. I have done a lot of research and one site mentioned changing your registry for a similar problem with PowerPoint files but I can't figure out how to fix it for .doc and .xlr files. I was going to download the Microsoft compatibility software but that appears to be for people who have 2003 and want to open 2007 files. It is a little irritating to not be able to open any files directly and I get things like this through email all the time. Any information you could give would be appreciated.
Thanks!
gawilson01



Joined: Jun 29, 2009
Posts: 13



PostPosted: Sun Jul 05, 2009 2:20 pm    Post subject:

Hi,
I went in to AVG and restored the file. Apparently it is seeing it as a virus (packed monger or something like that) and wanted to quarantine it. After restoring I re-ran ComboFix. Please let me know if this has solved the problem.
Thanks again!

ComboFix 09-07-04.09 - Compaq_Administrator 07/05/2009 10:38.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.377 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\system32\dllcache\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 17:42 . 2004-08-10 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-05 17:42 . 2004-08-10 12:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-03 22:40 . 2004-08-04 07:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-03 22:40 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-03 22:40 . 2001-08-18 05:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-03 22:40 . 2001-08-18 05:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-03 22:40 . 2001-08-18 05:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-03 22:40 . 2001-08-18 05:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2009-07-03 22:40 . 2001-08-17 19:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-07-03 22:40 . 2004-08-04 05:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-03 22:39 . 2004-08-04 06:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-07-03 22:39 . 2004-08-04 05:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-07-03 22:39 . 2004-08-04 07:56 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2009-07-03 22:39 . 2004-08-04 06:07 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-07-03 22:39 . 2004-08-04 05:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-07-03 22:39 . 2001-08-17 19:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-07-03 22:39 . 2001-08-17 20:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2009-07-03 22:39 . 2001-08-18 05:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-07-03 22:37 . 2001-08-17 20:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2009-07-03 22:36 . 2001-08-18 05:36 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2009-07-03 22:35 . 2001-08-17 19:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-07-03 22:34 . 2001-08-17 19:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-07-03 22:33 . 2001-08-18 05:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2009-07-03 22:32 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-07-03 22:31 . 2001-08-18 05:36 28160 ----a-w- c:\windows\system32\dllcache\sm91w.dll
2009-07-03 22:30 . 2001-08-18 05:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-07-03 22:29 . 2001-08-17 21:56 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2009-07-03 22:28 . 2001-08-17 19:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2009-07-03 22:28 . 2004-08-04 05:59 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2009-07-03 22:28 . 2004-08-04 06:04 30080 ----a-w- c:\windows\system32\dllcache\rndismpx.sys
2009-07-03 22:28 . 2001-08-17 19:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-07-03 22:28 . 2004-08-04 06:10 59648 ----a-w- c:\windows\system32\dllcache\rfcomm.sys
2009-07-03 22:28 . 2001-08-18 05:36 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2009-07-03 22:28 . 2004-08-04 05:41 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2009-07-03 22:28 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2009-07-03 22:28 . 2001-08-17 20:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-07-03 22:28 . 2001-08-17 20:28 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-07-03 22:28 . 2001-08-18 05:36 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2009-07-03 22:28 . 2001-08-17 20:53 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-07-03 22:26 . 2001-08-18 05:36 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2009-07-03 22:25 . 2001-08-18 05:36 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-07-03 22:24 . 2001-08-18 05:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2009-07-03 22:23 . 2001-08-17 21:56 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2009-07-03 22:22 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-07-03 22:22 . 2004-08-04 06:00 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2009-07-03 22:22 . 2004-08-10 12:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-07-03 22:22 . 2001-08-17 21:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2009-07-03 22:22 . 2001-08-17 20:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2009-07-03 22:22 . 2004-08-04 06:10 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2009-07-03 22:22 . 2001-08-17 20:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-07-03 22:22 . 2004-08-04 06:10 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2009-07-03 22:22 . 2001-08-17 20:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-07-03 22:20 . 2001-08-17 20:53 4992 ----a-w- c:\windows\system32\dllcache\loop.sys
2009-07-03 22:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-07-03 22:18 . 2001-08-17 21:06 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2009-07-03 22:17 . 2001-08-18 05:36 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2009-07-03 22:16 . 2001-08-17 21:02 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys
2009-07-03 22:15 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
2009-07-03 22:14 . 2001-08-18 05:36 53248 ----a-w- c:\windows\system32\dllcache\eqndiag.exe
2009-07-03 22:13 . 2001-08-17 19:11 26698 ----a-w- c:\windows\system32\dllcache\dlh5xnd5.sys
2009-07-03 22:12 . 2001-08-17 19:12 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2009-07-03 22:11 . 2004-08-04 07:56 15423 ----a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
2009-07-03 22:10 . 2001-08-18 05:36 144384 ----a-w- c:\windows\system32\dllcache\avmenum.dll
2009-07-03 22:09 . 2001-08-17 20:53 7424 ----a-w- c:\windows\system32\dllcache\adicvls.sys
2009-07-01 15:27 . 2009-06-29 22:11 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-30 02:50 . 2009-06-30 02:50 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-30 02:46 . 2009-06-30 02:46 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-30 02:45 . 2009-06-30 02:45 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-30 02:44 . 2009-06-30 02:44 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 02:44 . 2009-06-30 02:44 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-29 22:36 . 2009-07-05 17:29 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-29 22:14 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-29 22:12 . 2009-06-29 22:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 22:12 . 2009-06-29 22:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-29 22:12 . 2009-06-29 22:12 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 22:12 . 2009-06-29 22:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 22:12 . 2009-07-05 16:04 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-29 22:12 . 2009-06-30 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-29 22:11 . 2009-06-29 22:11 -------- d-----w- c:\program files\AVG
2009-06-29 22:11 . 2009-06-29 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-29 22:03 . 2009-06-29 22:04 -------- d-----w- c:\documents and settings\Compaq_Administrator\.housecall6.6
2009-06-29 20:42 . 2009-06-29 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-29 18:47 . 2009-06-29 18:47 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 18:46 . 2009-06-29 18:46 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-29 18:46 . 2009-06-29 18:46 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-29 18:46 . 2009-06-29 18:46 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 18:45 . 2009-06-29 18:45 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 18:44 . 2009-06-29 18:44 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 18:39 . 2009-06-29 18:39 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 18:38 . 2009-06-29 18:38 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 18:37 . 2009-06-29 18:37 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 18:37 . 2009-06-29 18:37 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 18:36 . 2009-06-29 18:36 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 18:34 . 2009-06-29 18:34 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 18:33 . 2009-06-29 18:33 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 18:32 . 2009-06-29 18:32 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 17:02 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 16:50 . 2009-06-30 02:45 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 16:48 . 2009-06-26 16:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 16:48 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 16:48 . 2009-06-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-26 16:48 . 2009-06-26 16:48 -------- d-----w- c:\program files\Lavasoft
2009-06-26 16:13 . 2009-06-26 16:13 -------- d-----w- c:\program files\Trend Micro
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-06-25 23:50 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 23:50 . 2009-06-25 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 23:50 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 20:15 . 2009-06-25 20:15 -------- d-sh--w- c:\windows\System Volume Information
2009-06-24 22:58 . 2009-06-24 22:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-23 14:51 . 2009-06-25 23:57 -------- d-----w- C:\ProgramData
2009-06-23 14:51 . 2009-06-23 16:52 -------- d-----w- c:\program files\Angle Interactive
2009-06-16 04:10 . 2009-06-16 04:10 -------- d-----w- C:\Majestic Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 16:23 . 2005-12-08 05:46 29348 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2009-06-25 20:28 . 2009-05-05 22:34 -------- d-----w- c:\program files\Coupons
2009-06-25 20:25 . 2008-11-25 01:14 -------- d-----w- c:\program files\NOS
2009-06-25 20:25 . 2008-11-25 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-25 20:22 . 2005-08-14 22:57 -------- d-----w- c:\program files\Common Files\Intuit
2009-06-25 20:22 . 2005-08-14 22:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-25 20:21 . 2005-08-14 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 20:20 . 2005-12-20 01:41 -------- d-----w- c:\program files\Common Files\AOL
2009-06-22 16:37 . 2005-12-20 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-13 16:04 . 2008-09-19 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-02 00:10 . 2008-08-04 01:43 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\RCP 5
2009-05-20 13:54 . 2009-05-20 13:54 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-19 08:35 . 2009-06-22 16:37 120368 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\aoldlmgr.exe
2009-05-07 15:44 . 2004-08-10 19:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2004-08-10 19:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-10 19:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 18:19 . 2006-06-15 00:57 256768 ----a-w- c:\windows\system32\unicows.dll
2009-04-17 09:58 . 2004-08-10 19:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 19:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2005-12-06 07:52 . 2005-12-06 07:53 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-03_02.12.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 02:00 . 2004-08-11 02:00 51712 c:\windows\system32\dllcache\wzcsapi.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 31232 c:\windows\system32\dllcache\weitekp9.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 31232 c:\windows\system32\dllcache\weitekp9.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 41600 c:\windows\system32\dllcache\weitekp9.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 41600 c:\windows\system32\dllcache\weitekp9.dll
+ 2009-07-03 22:38 . 2004-08-04 05:29 23615 c:\windows\system32\dllcache\wch7xxnt.sys
+ 2009-07-03 22:38 . 2004-08-04 06:08 31744 c:\windows\system32\dllcache\wceusbsh.sys
+ 2009-07-03 22:38 . 2001-08-17 19:10 35871 c:\windows\system32\dllcache\wbfirdma.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 25471 c:\windows\system32\dllcache\watv10nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 22271 c:\windows\system32\dllcache\watv06nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 33599 c:\windows\system32\dllcache\watv04nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 19551 c:\windows\system32\dllcache\watv02nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 29311 c:\windows\system32\dllcache\watv01nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 11935 c:\windows\system32\dllcache\wadv11nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 11871 c:\windows\system32\dllcache\wadv09nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 11295 c:\windows\system32\dllcache\wadv08nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 11807 c:\windows\system32\dllcache\wadv07nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 11775 c:\windows\system32\dllcache\wadv05nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 12127 c:\windows\system32\dllcache\wadv02nt.sys
+ 2009-07-03 22:38 . 2004-08-04 05:29 12415 c:\windows\system32\dllcache\wadv01nt.sys
+ 2009-07-03 22:38 . 2004-08-04 06:04 13568 c:\windows\system32\dllcache\wacompen.sys
+ 2009-07-03 22:38 . 2001-08-17 19:13 16925 c:\windows\system32\dllcache\w940nd.sys
+ 2009-07-03 22:38 . 2001-08-17 19:13 19016 c:\windows\system32\dllcache\w926nd.sys
+ 2009-07-03 22:38 . 2001-08-17 19:13 19528 c:\windows\system32\dllcache\w840nd.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 48256 c:\windows\system32\dllcache\w32.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 48256 c:\windows\system32\dllcache\w32.dll
+ 2009-07-03 22:38 . 2001-08-17 20:28 64605 c:\windows\system32\dllcache\vvoice.sys
+ 2009-07-03 22:38 . 2004-08-10 12:00 86073 c:\windows\system32\dllcache\voicesub.dll
+ 2009-07-03 22:37 . 2004-08-04 06:07 42240 c:\windows\system32\dllcache\viaagp.sys
+ 2009-07-03 22:37 . 2004-08-04 07:56 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2009-07-03 22:37 . 2004-08-04 07:56 11325 c:\windows\system32\dllcache\vchnt5.dll
+ 2009-07-03 22:37 . 2004-08-04 06:10 78464 c:\windows\system32\dllcache\usbvideo.sys
+ 2009-07-03 22:37 . 2004-08-04 06:08 25600 c:\windows\system32\dllcache\usbser.sys
+ 2005-12-02 23:23 . 2004-08-04 07:01 25856 c:\windows\system32\dllcache\usbprint.sys
+ 2004-08-10 19:00 . 2004-08-10 19:00 57600 c:\windows\system32\dllcache\usbhub.sys
+ 2004-08-10 19:00 . 2004-08-10 19:00 26624 c:\windows\system32\dllcache\usbehci.sys
+ 2009-07-03 22:37 . 2004-08-04 06:07 59264 c:\windows\system32\dllcache\usbaudio.sys
+ 2009-07-03 22:37 . 2004-08-04 06:04 12672 c:\windows\system32\dllcache\usb8023x.sys
+ 2009-07-03 22:37 . 2004-08-04 05:31 32384 c:\windows\system32\dllcache\usb101et.sys
+ 2009-07-03 22:37 . 2004-08-10 12:00 76288 c:\windows\system32\dllcache\uniime.dll
+ 2009-07-03 22:37 . 2001-08-18 05:36 94720 c:\windows\system32\dllcache\umaxud32.dll
+ 2009-07-03 22:36 . 2001-08-18 05:36 26624 c:\windows\system32\dllcache\umaxu22.dll
+ 2009-07-03 22:36 . 2001-08-18 05:36 69632 c:\windows\system32\dllcache\umaxu12.dll
+ 2009-07-03 22:36 . 2001-08-18 05:36 50688 c:\windows\system32\dllcache\umaxscan.dll
+ 2009-07-03 22:36 . 2001-08-17 20:58 22912 c:\windows\system32\dllcache\umaxpcls.sys
+ 2009-07-03 22:36 . 2001-08-18 05:36 50176 c:\windows\system32\dllcache\umaxp60.dll
+ 2009-07-03 22:36 . 2001-08-18 05:36 47616 c:\windows\system32\dllcache\umaxcam.dll
+ 2009-07-03 22:36 . 2001-08-17 20:52 36736 c:\windows\system32\dllcache\ultra.sys
+ 2009-07-03 22:36 . 2004-08-04 06:07 44672 c:\windows\system32\dllcache\uagp35.sys
+ 2009-07-03 22:36 . 2001-08-17 20:48 11520 c:\windows\system32\dllcache\twotrack.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 14336 c:\windows\system32\dllcache\tsprof.exe
+ 2004-08-10 19:00 . 2004-08-10 12:00 14336 c:\windows\system32\dllcache\tsprof.exe
+ 2009-07-03 22:35 . 2001-08-17 19:12 34375 c:\windows\system32\dllcache\tpro4.sys
+ 2009-07-03 22:35 . 2001-08-18 05:35 42496 c:\windows\system32\dllcache\tp4res.dll
+ 2009-07-03 22:35 . 2004-08-04 07:56 82432 c:\windows\system32\dllcache\tp4mon.exe
+ 2009-07-03 22:35 . 2001-08-18 05:36 31744 c:\windows\system32\dllcache\tp4.dll
+ 2009-07-03 22:35 . 2001-08-17 19:10 28232 c:\windows\system32\dllcache\tos4mo.sys
+ 2009-07-03 22:35 . 2004-08-10 12:00 10240 c:\windows\system32\dllcache\tmigrate.dll
+ 2009-07-03 22:35 . 2004-08-10 12:00 44032 c:\windows\system32\dllcache\tintlphr.exe
+ 2009-07-03 22:35 . 2001-08-17 21:56 81408 c:\windows\system32\dllcache\tgiul50.dll
+ 2004-08-04 23:01 . 2004-08-04 23:01 40840 c:\windows\system32\dllcache\termdd.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 19464 c:\windows\system32\dllcache\tdspx.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 19464 c:\windows\system32\dllcache\tdspx.sys
+ 2009-07-03 22:34 . 2001-08-17 19:13 37961 c:\windows\system32\dllcache\tdk100b.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 21896 c:\windows\system32\dllcache\tdipx.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 21896 c:\windows\system32\dllcache\tdipx.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 13192 c:\windows\system32\dllcache\tdasync.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 13192 c:\windows\system32\dllcache\tdasync.sys
+ 2003-03-25 14:52 . 2003-03-24 23:52 16384 c:\windows\system32\dllcache\tcptsat.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 16384 c:\windows\system32\dllcache\tcptsat.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 32827 c:\windows\system32\dllcache\tcptest.exe
+ 2003-03-25 14:52 . 2003-03-24 23:52 32827 c:\windows\system32\dllcache\tcptest.exe
+ 2009-07-03 22:34 . 2001-08-17 20:49 30464 c:\windows\system32\dllcache\tbatm155.sys
+ 2009-07-03 22:34 . 2001-08-17 19:50 36640 c:\windows\system32\dllcache\t2r4mini.sys
+ 2009-07-03 22:34 . 2001-08-17 21:07 32640 c:\windows\system32\dllcache\symc8xx.sys
+ 2009-07-03 22:34 . 2001-08-17 21:07 16256 c:\windows\system32\dllcache\symc810.sys
+ 2009-07-03 22:34 . 2001-08-17 21:07 30688 c:\windows\system32\dllcache\sym_u3.sys
+ 2009-07-03 22:34 . 2001-08-17 21:07 28384 c:\windows\system32\dllcache\sym_hi.sys
+ 2009-07-03 22:34 . 2001-08-18 05:36 94293 c:\windows\system32\dllcache\sxports.dll
+ 2009-07-03 22:34 . 2001-08-18 05:36 10240 c:\windows\system32\dllcache\swpidflt.dll
+ 2009-07-03 22:33 . 2001-08-18 05:36 53760 c:\windows\system32\dllcache\sw_wheel.dll
+ 2009-07-03 22:33 . 2001-08-18 05:36 41472 c:\windows\system32\dllcache\sw_effct.dll
+ 2009-07-03 22:33 . 2004-08-04 06:10 15360 c:\windows\system32\dllcache\streamip.sys
+ 2009-07-03 22:33 . 2001-08-18 05:36 53248 c:\windows\system32\dllcache\stlncoin.dll
+ 2009-07-03 22:33 . 2001-08-17 20:51 16896 c:\windows\system32\dllcache\stcusb.sys
+ 2009-07-03 22:33 . 2001-08-17 19:11 48736 c:\windows\system32\dllcache\srwlnd5.sys
+ 2009-07-03 22:33 . 2001-08-18 05:36 99328 c:\windows\system32\dllcache\srusd.dll
+ 2009-07-03 22:33 . 2001-08-18 05:36 24660 c:\windows\system32\dllcache\spxupchk.dll
+ 2009-07-03 22:33 . 2001-08-17 20:51 61824 c:\windows\system32\dllcache\speed.sys
+ 2009-07-03 22:33 . 2001-08-17 21:07 19072 c:\windows\system32\dllcache\sparrow.sys
+ 2009-07-03 22:32 . 2001-08-17 19:51 37040 c:\windows\system32\dllcache\sonypi.sys
+ 2009-07-03 22:32 . 2001-08-17 19:51 20752 c:\windows\system32\dllcache\sonync.sys
+ 2009-07-03 22:32 . 2001-08-17 19:51 58368 c:\windows\system32\dllcache\smiminib.sys
+ 2009-07-03 22:32 . 2001-08-17 19:12 25034 c:\windows\system32\dllcache\smcpwr2n.sys
+ 2009-07-03 22:32 . 2001-08-17 19:10 35913 c:\windows\system32\dllcache\smcirda.sys
+ 2009-07-03 22:32 . 2001-08-17 19:12 24576 c:\windows\system32\dllcache\smc8000n.sys
+ 2009-07-03 22:32 . 2004-08-04 06:07 16128 c:\windows\system32\dllcache\smbbatt.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 31744 c:\windows\system32\dllcache\smb6w.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 31744 c:\windows\system32\dllcache\smb6w.dll
+ 2009-07-03 22:32 . 2001-08-18 05:36 45568 c:\windows\system32\dllcache\smb3w.dll
+ 2009-07-03 22:32 . 2001-08-18 05:36 33792 c:\windows\system32\dllcache\smb0w.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 31744 c:\windows\system32\dllcache\sma3w.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 31744 c:\windows\system32\dllcache\sma3w.dll
+ 2009-07-03 22:32 . 2001-08-18 05:36 28672 c:\windows\system32\dllcache\sma0w.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 38912 c:\windows\system32\dllcache\sm9aw.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 38912 c:\windows\system32\dllcache\sm9aw.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 26624 c:\windows\system32\dllcache\sm93w.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 26624 c:\windows\system32\dllcache\sm93w.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 26624 c:\windows\system32\dllcache\sm92w.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 26624 c:\windows\system32\dllcache\sm92w.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 26112 c:\windows\system32\dllcache\sm90w.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 26112 c:\windows\system32\dllcache\sm90w.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 26112 c:\windows\system32\dllcache\sm8dw.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 26112 c:\windows\system32\dllcache\sm8dw.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 29184 c:\windows\system32\dllcache\sm8cw.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 29184 c:\windows\system32\dllcache\sm8cw.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 26112 c:\windows\system32\dllcache\sm8aw.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 26112 c:\windows\system32\dllcache\sm8aw.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 26112 c:\windows\system32\dllcache\sm89w.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 26112 c:\windows\system32\dllcache\sm89w.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 30208 c:\windows\system32\dllcache\sm87w.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 30208 c:\windows\system32\dllcache\sm87w.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 30208 c:\windows\system32\dllcache\sm81w.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 30208 c:\windows\system32\dllcache\sm81w.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 25088 c:\windows\system32\dllcache\sm59w.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 25088 c:\windows\system32\dllcache\sm59w.dll
+ 2009-07-03 22:31 . 2004-08-04 05:41 13240 c:\windows\system32\dllcache\slwdmsup.sys
+ 2009-07-03 22:31 . 2004-08-04 07:56 73796 c:\windows\system32\dllcache\slserv.exe
+ 2009-07-03 22:31 . 2004-08-04 07:56 32866 c:\windows\system32\dllcache\slrundll.exe
+ 2009-07-03 22:31 . 2004-08-04 05:41 95424 c:\windows\system32\dllcache\slnthal.sys
+ 2009-07-03 22:31 . 2004-08-04 06:10 11136 c:\windows\system32\dllcache\slip.sys
+ 2009-07-03 22:31 . 2004-08-04 07:56 73832 c:\windows\system32\dllcache\slcoinst.dll
+ 2009-07-03 22:31 . 2004-08-04 05:31 63547 c:\windows\system32\dllcache\sla30nd5.sys
+ 2009-07-03 22:31 . 2001-08-17 19:12 91294 c:\windows\system32\dllcache\skfpwin.sys
+ 2009-07-03 22:31 . 2001-08-17 19:12 94698 c:\windows\system32\dllcache\sk98xwin.sys
+ 2009-07-03 22:31 . 2001-08-17 19:50 50432 c:\windows\system32\dllcache\sisv.sys
+ 2009-07-03 22:31 . 2004-08-04 05:31 32768 c:\windows\system32\dllcache\sisnic.sys
+ 2009-07-03 22:31 . 2004-08-04 06:07 41088 c:\windows\system32\dllcache\sisagp.sys
+ 2009-07-03 22:31 . 2001-08-17 19:50 68608 c:\windows\system32\dllcache\sis6306p.sys
- 2003-03-25 14:52 . 2003-03-25 14:52 16437 c:\windows\system32\dllcache\shtml.exe
+ 2003-03-25 14:52 . 2003-03-24 23:52 16437 c:\windows\system32\dllcache\shtml.exe
- 2003-03-25 14:52 . 2003-03-25 14:52 20536 c:\windows\system32\dllcache\shtml.dll
+ 2003-03-25 14:52 . 2003-03-24 23:52 20536 c:\windows\system32\dllcache\shtml.dll
+ 2009-07-03 22:31 . 2001-07-21 21:29 18400 c:\windows\system32\dllcache\sgsmld.sys
+ 2009-07-03 22:31 . 2001-08-17 19:51 98080 c:\windows\system32\dllcache\sgiulnt5.sys
+ 2009-07-03 22:30 . 2001-08-17 19:19 36480 c:\windows\system32\dllcache\sfmanm.sys
+ 2004-08-10 19:00 . 2004-08-10 19:00 11392 c:\windows\system32\dllcache\sfloppy.sys
+ 2009-07-03 22:30 . 2001-08-17 20:48 17664 c:\windows\system32\dllcache\sermouse.sys
+ 2004-08-10 19:00 . 2004-08-10 19:00 64896 c:\windows\system32\dllcache\serial.sys
+ 2009-07-03 22:30 . 2001-08-17 20:53 10880 c:\windows\system32\dllcache\scsiscan.sys
+ 2009-07-03 22:30 . 2001-08-17 20:52 11648 c:\windows\system32\dllcache\scsiprnt.sys
+ 2009-07-03 22:30 . 2001-08-17 20:51 17280 c:\windows\system32\dllcache\scr111.sys
+ 2009-07-03 22:30 . 2001-08-17 20:51 16640 c:\windows\system32\dllcache\scmstcs.sys
+ 2009-07-03 22:30 . 2001-08-17 20:51 23936 c:\windows\system32\dllcache\sccmusbm.sys
+ 2009-07-03 22:30 . 2001-08-17 20:51 23936 c:\windows\system32\dllcache\sccmn50m.sys
+ 2009-07-03 22:30 . 2004-08-04 05:59 43136 c:\windows\system32\dllcache\sbp2port.sys
+ 2009-07-03 22:30 . 2001-08-17 19:50 75392 c:\windows\system32\dllcache\s3savmxm.sys
+ 2009-07-03 22:29 . 2001-08-17 19:50 77824 c:\windows\system32\dllcache\s3sav4m.sys
+ 2009-07-03 22:29 . 2001-08-17 19:50 61504 c:\windows\system32\dllcache\s3sav3dm.sys
+ 2009-07-03 22:29 . 2001-08-18 05:36 62496 c:\windows\system32\dllcache\s3mtrio.dll
+ 2009-07-03 22:29 . 2001-08-17 19:50 41216 c:\windows\system32\dllcache\s3mt3d.sys
+ 2009-07-03 22:29 . 2001-08-17 20:57 65664 c:\windows\system32\dllcache\s3legacy.sys
+ 2009-07-03 22:09 . 2001-08-17 21:56 66048 c:\windows\system32\dllcache\s3legacy.dll
+ 2009-07-03 22:29 . 2001-08-18 05:36 82432 c:\windows\system32\dllcache\rwia450.dll
+ 2009-07-03 22:29 . 2001-08-18 05:36 79872 c:\windows\system32\dllcache\rwia430.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 79872 c:\windows\system32\dllcache\rwia330.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 79872 c:\windows\system32\dllcache\rwia330.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 79872 c:\windows\system32\dllcache\rwia001.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 79872 c:\windows\system32\dllcache\rwia001.dll
+ 2009-07-03 22:29 . 2001-08-18 05:36 26624 c:\windows\system32\dllcache\rw450ext.dll
+ 2009-07-03 22:29 . 2001-08-18 05:36 24576 c:\windows\system32\dllcache\rw430ext.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 26624 c:\windows\system32\dllcache\rw330ext.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 26624 c:\windows\system32\dllcache\rw330ext.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 24576 c:\windows\system32\dllcache\rw001ext.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 24576 c:\windows\system32\dllcache\rw001ext.dll
+ 2009-07-03 22:29 . 2001-08-17 19:12 19017 c:\windows\system32\dllcache\rtl8029.sys
+ 2009-07-03 22:29 . 2001-08-17 19:19 30720 c:\windows\system32\dllcache\rthwcls.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 14848 c:\windows\system32\dllcache\register.exe
+ 2004-08-10 19:00 . 2004-08-10 12:00 14848 c:\windows\system32\dllcache\register.exe
+ 2004-08-04 12:59 . 2004-08-04 12:59 57472 c:\windows\system32\dllcache\redbook.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 20736 c:\windows\system32\dllcache\ramdisk.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 20736 c:\windows\system32\dllcache\ramdisk.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 16384 c:\windows\system32\dllcache\quser.exe
+ 2004-08-10 19:00 . 2004-08-10 12:00 16384 c:\windows\system32\dllcache\quser.exe
+ 2009-07-03 22:27 . 2001-08-17 20:52 49024 c:\windows\system32\dllcache\ql1280.sys
+ 2009-07-03 22:27 . 2001-08-17 20:52 40448 c:\windows\system32\dllcache\ql1240.sys
+ 2009-07-03 22:27 . 2001-08-17 20:52 45312 c:\windows\system32\dllcache\ql12160.sys
+ 2009-07-03 22:27 . 2001-08-17 20:52 33152 c:\windows\system32\dllcache\ql10wnt.sys
+ 2009-07-03 22:27 . 2001-08-17 20:52 40320 c:\windows\system32\dllcache\ql1080.sys
+ 2009-07-03 22:27 . 2001-08-18 05:36 35328 c:\windows\system32\dllcache\psisload.dll
+ 2009-07-03 22:27 . 2001-08-17 20:51 16128 c:\windows\system32\dllcache\pscr.sys
+ 2004-08-11 02:00 . 2004-08-11 02:00 35328 c:\windows\system32\dllcache\processr.sys
+ 2009-07-03 22:27 . 2004-08-04 06:00 17664 c:\windows\system32\dllcache\ppa3.sys
+ 2009-07-03 22:27 . 2001-08-17 20:53 17792 c:\windows\system32\dllcache\ppa.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 11264 c:\windows\system32\dllcache\pmxmcro.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 11264 c:\windows\system32\dllcache\pmxmcro.dll
+ 2009-07-03 22:27 . 2004-08-10 12:00 67584 c:\windows\system32\dllcache\pmigrate.dll
+ 2004-08-11 02:00 . 2004-08-11 02:00 15360 c:\windows\system32\dllcache\pjlmon.dll
+ 2009-07-03 22:27 . 2004-08-10 12:00 70144 c:\windows\system32\dllcache\pintlphr.exe
+ 2009-07-03 22:27 . 2004-08-10 12:00 53760 c:\windows\system32\dllcache\pintlcsd.dll
+ 2009-07-03 22:26 . 2001-08-17 21:07 19840 c:\windows\system32\dllcache\philtune.sys
+ 2009-07-03 22:26 . 2001-08-17 21:04 92416 c:\windows\system32\dllcache\phildec.sys
+ 2009-07-03 22:26 . 2001-08-17 21:04 75776 c:\windows\system32\dllcache\philcam1.sys
+ 2009-07-03 22:26 . 2001-08-18 05:36 16384 c:\windows\system32\dllcache\philcam1.dll
+ 2009-07-03 22:26 . 2004-08-04 06:06 28032 c:\windows\system32\dllcache\perm3.sys
+ 2009-07-03 22:26 . 2004-08-04 06:06 27904 c:\windows\system32\dllcache\perm2.sys
+ 2009-07-03 22:26 . 2001-08-17 21:07 27296 c:\windows\system32\dllcache\perc2.sys
+ 2009-07-03 22:26 . 2001-08-18 05:36 86016 c:\windows\system32\dllcache\pctspk.exe
+ 2009-07-03 22:26 . 2001-08-17 19:11 35328 c:\windows\system32\dllcache\pcntpci5.sys
+ 2009-07-03 22:26 . 2001-08-17 19:11 29769 c:\windows\system32\dllcache\pcntn5m.sys
+ 2009-07-03 22:26 . 2001-08-17 19:11 30282 c:\windows\system32\dllcache\pcntn5hl.sys
+ 2009-07-03 22:26 . 2001-08-17 19:12 26153 c:\windows\system32\dllcache\pcmlm56.sys
+ 2009-07-03 22:26 . 2004-08-04 05:31 29502 c:\windows\system32\dllcache\pca200e.sys
+ 2009-07-03 22:26 . 2001-08-17 19:12 30495 c:\windows\system32\dllcache\pc100nds.sys
+ 2004-08-11 02:00 . 2004-08-11 02:00 80128 c:\windows\system32\dllcache\parport.sys
+ 2009-07-03 22:26 . 2004-08-10 12:00 15360 c:\windows\system32\dllcache\padrs804.dll
+ 2009-07-03 22:26 . 2004-08-10 12:00 14336 c:\windows\system32\dllcache\padrs412.dll
+ 2009-07-03 22:26 . 2004-08-10 12:00 36927 c:\windows\system32\dllcache\padrs411.dll
+ 2009-07-03 22:26 . 2004-08-10 12:00 15872 c:\windows\system32\dllcache\padrs404.dll
+ 2009-07-03 22:25 . 2001-08-18 05:36 44544 c:\windows\system32\dllcache\ovui2.dll
+ 2009-07-03 22:25 . 2001-08-17 21:05 25216 c:\windows\system32\dllcache\ovsound2.sys
+ 2009-07-03 22:25 . 2001-08-18 05:36 39424 c:\windows\system32\dllcache\ovcoms.exe
+ 2009-07-03 22:25 . 2001-08-18 05:36 20480 c:\windows\system32\dllcache\ovcomc.dll
+ 2009-07-03 22:25 . 2001-08-17 21:05 31872 c:\windows\system32\dllcache\ovce.sys
+ 2009-07-03 22:25 . 2001-08-17 21:05 28032 c:\windows\system32\dllcache\ovcd.sys
+ 2009-07-03 22:25 . 2001-08-17 21:05 48000 c:\windows\system32\dllcache\ovcam2.sys
+ 2009-07-03 22:25 . 2001-08-17 21:05 25088 c:\windows\system32\dllcache\ovca.sys
+ 2009-07-03 22:25 . 2001-08-17 20:28 54186 c:\windows\system32\dllcache\otcsercb.sys
+ 2009-07-03 22:25 . 2001-08-17 19:12 43689 c:\windows\system32\dllcache\otceth5.sys
+ 2009-07-03 22:25 . 2001-08-17 19:12 27209 c:\windows\system32\dllcache\otc06x5.sys
+ 2009-07-03 22:25 . 2001-08-17 19:20 54528 c:\windows\system32\dllcache\opl3sax.sys
+ 2009-07-03 22:24 . 2001-08-17 19:49 51552 c:\windows\system32\dllcache\ntgrip.sys
+ 2009-07-03 22:24 . 2004-08-04 06:00 28672 c:\windows\system32\dllcache\nscirda.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 10240 c:\windows\system32\dllcache\npwmsdrm.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 10240 c:\windows\system32\dllcache\npwmsdrm.dll
+ 2009-07-03 22:24 . 2001-08-17 19:20 87040 c:\windows\system32\dllcache\nm6wdm.sys
+ 2004-08-11 02:00 . 2004-08-11 02:00 61824 c:\windows\system32\dllcache\nic1394.sys
+ 2009-07-03 22:24 . 2001-08-17 19:12 32840 c:\windows\system32\dllcache\ngrpci.sys
+ 2009-07-03 22:24 . 2001-08-17 19:11 65278 c:\windows\system32\dllcache\netflx3.sys
+ 2009-07-03 22:24 . 2001-08-17 19:50 39264 c:\windows\system32\dllcache\neo20xx.sys
+ 2009-07-03 22:24 . 2001-08-18 05:36 60480 c:\windows\system32\dllcache\neo20xx.dll
+ 2009-07-03 22:24 . 2001-08-17 20:49 15872 c:\windows\system32\dllcache\ne2000.sys
+ 2004-08-11 02:00 . 2004-08-11 02:00 12928 c:\windows\system32\dllcache\ndisuio.sys
+ 2009-07-03 22:24 . 2004-08-04 06:10 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2009-07-03 22:24 . 2004-08-04 06:10 85376 c:\windows\system32\dllcache\nabtsfec.sys
+ 2009-07-03 22:23 . 2001-08-17 19:50 27936 c:\windows\system32\dllcache\n9i3d.sys
+ 2009-07-03 22:23 . 2001-08-17 19:50 33088 c:\windows\system32\dllcache\n9i128v2.sys
+ 2009-07-03 22:23 . 2001-08-18 05:36 59104 c:\windows\system32\dllcache\n9i128v2.dll
+ 2009-07-03 22:23 . 2001-08-17 19:50 13664 c:\windows\system32\dllcache\n9i128.sys
+ 2009-07-03 22:23 . 2001-08-17 21:56 35392 c:\windows\system32\dllcache\n9i128.dll
+ 2009-07-03 22:23 . 2001-08-17 19:11 52255 c:\windows\system32\dllcache\n1000nt5.sys
+ 2009-07-03 22:23 . 2001-08-17 20:50 75520 c:\windows\system32\dllcache\mxport.sys
+ 2009-07-03 22:23 . 2001-08-17 20:49 19968 c:\windows\system32\dllcache\mxnic.sys
+ 2009-07-03 22:23 . 2001-08-18 05:36 19968 c:\windows\system32\dllcache\mxicfg.dll
+ 2009-07-03 22:23 . 2001-08-17 20:50 21888 c:\windows\system32\dllcache\mxcard.sys
+ 2009-07-03 22:23 . 2004-08-04 06:04 12672 c:\windows\system32\dllcache\mutohpen.sys
+ 2004-08-11 02:00 . 2004-08-11 02:00 17408 c:\windows\system32\dllcache\msyuv.dll
+ 2009-07-03 22:23 . 2004-08-04 06:10 49024 c:\windows\system32\dllcache\mstape.sys
+ 2004-08-11 02:00 . 2004-08-11 02:00 15488 c:\windows\system32\dllcache\mssmbios.sys
+ 2009-07-03 22:23 . 2001-08-17 20:48 12416 c:\windows\system32\dllcache\msriffwv.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 40960 c:\windows\system32\dllcache\msiregmv.exe
- 2004-08-10 19:00 . 2004-08-10 19:00 40960 c:\windows\system32\dllcache\msiregmv.exe
+ 2004-08-11 02:00 . 2004-08-11 02:00 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2004-08-11 02:00 . 2004-08-11 02:00 30080 c:\windows\system32\dllcache\modem.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 34304 c:\windows\system32\dllcache\migisol.exe
+ 2004-08-10 19:00 . 2004-08-10 12:00 34304 c:\windows\system32\dllcache\migisol.exe
- 2004-08-10 19:00 . 2004-08-10 19:00 92416 c:\windows\system32\dllcache\mga.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 92416 c:\windows\system32\dllcache\mga.sys
- 2004-08-10 19:00 . 2004-08-10 19:00 92032 c:\windows\system32\dllcache\mga.dll
+ 2004-08-10 19:00 . 2004-08-10 12:00 92032 c:\windows\system32\dllcache\mga.dll
+ 2009-07-03 22:21 . 2004-08-04 06:00 26112 c:\windows\system32\dllcache\memstpci.sys
+ 2009-07-03 22:21 . 2001-08-18 05:36 47616 c:\windows\system32\dllcache\memgrp.dll
+ 2009-07-03 22:21 . 2001-08-17 19:19 48768 c:\windows\system32\dllcache\maestro.sys
+ 2009-07-03 22:21 . 2001-08-18 05:36 58880 c:\windows\system32\dllcache\m3092dc.dll
+ 2009-07-03 22:21 . 2001-08-18 05:36 58368 c:\windows\system32\dllcache\m3091dc.dll
+ 2009-07-03 22:21 . 2001-08-17 19:49 22848 c:\windows\system32\dllcache\lwusbhid.sys
+ 2009-07-03 22:21 . 2004-08-04 05:39 20864 c:\windows\system32\dllcache\lwadihid.sys
+ 2009-07-03 22:20 . 2001-08-17 19:12 70730 c:\windows\system32\dllcache\lne100tx.sys
+ 2009-07-03 22:20 . 2001-08-17 19:12 20573 c:\windows\system32\dllcache\lne100.sys
+ 2009-07-03 22:20 . 2001-08-17 19:11 25065 c:\windows\system32\dllcache\lmndis3.sys
+ 2009-07-03 22:20 . 2001-08-17 20:51 15744 c:\windows\system32\dllcache\lit220p.sys
+ 2009-07-03 22:20 . 2004-08-04 05:59 34688 c:\windows\system32\dllcache\lbrtfdc.sys
+ 2009-07-03 22:20 . 2001-08-17 19:12 26442 c:\windows\system32\dllcache\lanepic5.sys
+ 2009-07-03 22:20 . 2001-08-17 19:12 19016 c:\windows\system32\dllcache\ktc111.sys
+ 2009-07-03 22:20 . 2001-08-18 05:36 37376 c:\windows\system32\dllcache\kousd.dll
+ 2009-07-03 22:20 . 2004-08-10 12:00 70656 c:\windows\system32\dllcache\korwbrkr.dll
+ 2009-07-03 22:20 . 2001-08-18 05:36 45568 c:\windows\system32\dllcache\kdsui.dll
+ 2009-07-03 22:20 . 2004-08-04 05:58 14848 c:\windows\system32\dllcache\kbdhid.sys
- 2004-08-10 19:00 . 2004-08-04 12:58 24576 c:\windows\system32\dllcache\kbdclass.sys
+ 2004-08-10 19:00 . 2004-08-04 06:58 24576 c:\windows\system32\dllcache\kbdclass.sys
+ 2004-08-10 19:00 . 2004-08-10 12:00 18432 c:\windows\system32\dllcache\jupiw.dll
- 2004-08-10 19:00 . 2004-08-10 19:00 18432 c:\windows\system32\dllcache\jupiw.dll
+ 2004-08-11 02:00 . 2004-08-11 02:00 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-07-03 22:19 . 2001-08-17 20:49 26624 c:\windows\system32\dllcache\irstusb.sys
+ 2009-07-03 22:19 . 2001-08-17 20:51 18688 c:\windows\system32\dllcache\irsir.sys
+ 2009-07-03 22:19 . 2004-08-04 07:56 27136 c:\windows\system32\dllcache\irmon.dll
+ 2009-07-03 22:19 . 2001-08-17 20:49 23552 c:\windows\system32\dllcache\irmk7.sys
+ 2009-07-03 22:19 . 2004-08-04 06:00 87424 c:\windows\system32\dllcache\irda.sys
+ 2009-07-03 22:19 . 2004-08-10 10:47 46208 c:\windows\system32\dllcache\irbus.sys
+ 2009-07-03 22:19 . 2001-08-17 19:12 45632 c:\windows\system32\dllcache\ip5515.sys
+ 2009-07-03 22:19 . 2001-08-18 05:36 90200 c:\windows\system32\dllcache\io8ports.dll
+ 2009-07-03 22:19 . 2001-08-17 20:50 38784 c:\windows\system32\dllcache\io8.sys
- 2004-08-04 12:59 . 2004-08-04 12:59 36096 c:\windows\system32\dllcache\intelppm.sys
+ 2004-08-04 12:59 . 2004-08-04 05:59 36096 c:\windows\system32\dllcache\intelppm.sys
+ 2009-07-03 22:19 . 2001-08-17 20:47 13056 c:\windows\system32\dllcache\inport.sys
+ 2009-07-03 22:19 . 2001-08-17 20:52 16000 c:\windows\system32\dllcache\ini910u.sys
+ 2009-07-03 22:19 . 2004-08-10 12:00 59392 c:\windows\system32\dllcache\imscinst.exe
+ 2009-07-03 22:19 . 2004-08-10 12:00 59904 c:\windows\system32\dllcache\imkrinst.exe
+ 2009-07-03 22:19 . 2004-08-10 12:00 45109 c:\windows\system32\dllcache\imjpuex.exe
+ 2009-07-03 22:19 . 2004-08-10 12:00 81976 c:\windows\system32\dllcache\imjpdct.dll
+ 2009-07-03 22:19 . 2004-08-10 12:00 57398 c:\windows\system32\dllcache\imjpdadm.exe
+ 2009-07-03 22:19 . 2004-08-10 12:00 44032 c:\windows\system32\dllcache\imekrmig.exe
+ 2009-07-03 22:19 . 2004-08-10 12:00 86016 c:\windows\system32\dllcache\imekrmbx.dll
+ 2004-08-10 19:00 . 2004-08-10 19:00 41856 c:\windows\system32\dllcache\imapi.sys
+ 2009-07-03 22:19 . 2001-08-18 05:36 20480 c:\windows\system32\dllcache\icam5ext.dll
+ 2009-07-03 22:19 . 2001-08-18 05:36 45056 c:\windows\system32\dllcache\icam5com.dll
+ 2009-07-03 22:18 . 2001-08-18 05:36 61952 c:\windows\system32\dllcache\icam4ext.dll
+ 2009-07-03 22:18 . 2001-08-18 05:36 91136 c:\windows\system32\dllcache\icam4com.dll
+ 2009-07-03 22:18 . 2001-08-18 05:36 26624 c:\windows\system32\dllcache\icam3ext.dll
+ 2009-07-03 22:18 . 2001-08-17 21:06 38528 c:\windows\system32\dllcache\ibmvcap.sys
+ 2009-07-03 22:18 . 2001-08-17 19:11 28700 c:\windows\system32\dllcache\ibmexmp.sys
- 2004-08-10 19:00 . 2004-08-04 13:14 52736 c:\windows\system32\dllcache\i8042prt.sys
+ 2004-08-10 19:00 . 2004-08-04 07:14 52736 c:\windows\system32\dllcache\i8042prt.sys
+ 2009-07-03 22:18 . 2001-08-17 19:49 58592 c:\windows\system32\dllcache\i740nt5.sys
+ 2009-07-03 22:18 . 2004-08-04 06:00 18560 c:\windows\system32\dllcache\i2omp.sys
+ 2009-07-03 22:18 . 2004-08-04 07:56 32285 c:\windows\system32\dllcache\hsfcisp2.dll
+ 2009-07-03 22:18 . 2001-08-17 20:28 50751 c:\windows\system32\dllcache\hsf_tone.sys
+ 2009-07-03 22:18 . 2001-08-17 20:28 73279 c:\windows\system32\dllcache\hsf_spkp.sys
+ 2009-07-03 22:18 . 2001-08-17 20:28 44863 c:\windows\system32\dllcache\hsf_soar.sys
+ 2009-07-03 22:18 . 2001-08-17 20:28 57471 c:\windows\system32\dllcache\hsf_samp.sys
+ 2009-07-03 22:17 . 2001-08-17 20:28 67167 c:\windows\system32\dllcache\hsf_bsc2.sys
+ 2009-07-03 22:17 . 2001-08-18 05:36 19456 c:\windows\system32\dllcache\hr1w.dll
+ 2009-07-03 22:17 . 2001-08-18 05:36 13312 c:\windows\system32\dllcache\hpsjmcro.dll
+ 2009-07-03 22:17 . 2001-08-17 21:07 25952 c:\windows\system32\dllcache\hpn.sys
+ 2009-07-03 22:17 . 2001-08-18 05:36 32768 c:\windows\system32\dllcache\hpgtmcro.dll
+ 2009-07-03 22:17 . 2001-08-18 05:36 68608 c:\windows\system32\dllcache\hpgt53tk.dll
+ 2009-07-03 22:17 . 2001-08-18 05:36 31232 c:\windows\system32\dllcache\hpgt42tk.dll
+ 2009-07-03 22:17 . 2001-08-18 05:36 93696 c:\windows\system32\dllcache\hpgt42.dll
+ 2009-07-03 22:17 . 2001-08-18 05:36 48128 c:\windows\system32\dllcache\hpgt33tk.dll
+ 2009-07-03 22:17 . 2001-08-18 05:36 89088 c:\windows\system32\dllcache\hpgt33.dll
+ 2009-07-03 22:17 . 2001-08-18 05:36 83968 c:\windows\system32\dllcache\hpgt21.dll
+ 2009-07-03 22:17 . 2004-08-04 07:56 21504 c:\windows\system32\dllcache\hidserv.dll
+ 2004-08-10 19:00 . 2004-08-10 19:00 24960 c:\windows\system32\dllcache\hidparse.sys
+ 2009-07-03 22:17 . 2004-08-10 10:47 17024 c:\windows\system32\dllcache\hidir.sys
+ 2004-08-10 19:00 . 2004-08-10 19:00 36224 c:\windows\system32\dllcache\hidclass.sys
+ 2009-07-03 22:16 . 2004-08-04 06:10 25600 c:\windows\system32\dllcache\hidbth.sys
+ 2009-07-03 22:16 . 2001-08-17 20:58 19200 c:\windows\system32\dllcache\hidbatt.sys
+ 2004-08-11 02:00 . 2004-08-11 02:00 20992 c:\windows\system32\dllcache\hid.dll
+ 2009-07-03 22:16 . 2004-08-10 12:00 36864 c:\windows\system32\dllcache\hanjadic.dll
+ 2009-07-03 22:16 . 2004-08-04 05:59 28288 c:\windows\system32\dllcache\grserial.sys
+ 2009-07-03 22:16 . 2001-08-17 20:51 82304 c:\windows\system32\dllcache\grclass.sys
+ 2009-07-03 22:16 . 2001-08-17 20:51 17408 c:\windows\system32\dllcache\gpr400.sys
+ 2009-07-03 22:16 . 2004-08-04 06:08 59136 c:\windows\system32\dllcache\gckernel.sys
+ 2009-07-03 22:16 . 2004-08-04 06:08 10624 c:\windows\system32\dllcache\gameenum.sys
+ 2009-07-03 22:16 . 2004-08-04 06:07 46464 c:\windows\system32\dllcache\gagp30kx.sys
+ 2009-07-03 22:16 . 2001-08-18 05:36 92160 c:\windows\system32\dllcache\fuusd.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 20538 c:\windows\system32\dllcache\fpremadm.exe
+ 2003-03-25 14:52 . 2003-03-24 23:52 20538 c:\windows\system32\dllcache\fpremadm.exe
+ 2003-03-25 14:52 . 2003-03-24 23:52 20541 c:\windows\system32\dllcache\fpexedll.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 20541 c:\windows\system32\dllcache\fpexedll.dll
+ 2003-03-25 14:52 . 2003-03-24 23:52 94208 c:\windows\system32\dllcache\fpencode.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 94208 c:\windows\system32\dllcache\fpencode.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 20541 c:\windows\system32\dllcache\fpadmdll.dll
+ 2003-03-25 14:52 . 2003-03-24 23:52 20541 c:\windows\system32\dllcache\fpadmdll.dll
+ 2003-03-25 14:52 . 2003-03-24 23:52 24632 c:\windows\system32\dllcache\fpadmcgi.exe
- 2003-03-25 14:52 . 2003-03-25 14:52 24632 c:\windows\system32\dllcache\fpadmcgi.exe
+ 2003-03-25 14:52 . 2003-03-24 23:52 14608 c:\windows\system32\dllcache\fp98sadm.exe
- 2003-03-25 14:52 . 2003-03-25 14:52 14608 c:\windows\system32\dllcache\fp98sadm.exe
- 2003-03-25 14:52 . 2003-03-25 14:52 49212 c:\windows\system32\dllcache\fp4awebs.dll
+ 2003-03-25 14:52 . 2003-03-24 23:52 49212 c:\windows\system32\dllcache\fp4awebs.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 32826 c:\windows\system32\dllcache\fp4avss.dll
+ 2003-03-25 14:52 . 2003-03-24 23:52 32826 c:\windows\system32\dllcache\fp4avss.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 41020 c:\windows\system32\dllcache\fp4avnb.dll
+ 2003-03-25 14:52 . 2003-03-24 23:52 41020 c:\windows\system32\dllcache\fp4avnb.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 49210 c:\windows\system32\dllcache\fp4areg.dll
+ 2003-03-25 14:52 . 2003-03-24 23:52 49210 c:\windows\system32\dllcache\fp4areg.dll
+ 2003-03-25 14:52 . 2003-03-24 23:52 82035 c:\windows\system32\dllcache\fp4anscp.dll
- 2003-03-25 14:52 . 2003-03-25 14:52 82035 c:\windows\system32\dllcache\fp4anscp.dll
+ 2009-07-03 22:16 . 2004-08-04 05:31 34173 c:\windows\system32\dllcache\forehe.sys
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Tue Jul 07, 2009 11:27 pm    Post subject:

Most likely a false positive. Just to be on the safe side, run a scan to confirm this. I want you to upload this file (c:\windows\system32\proquota.exe) to http://virusscan.jotti.org and report back what it found.

For your other question, I assume this is using Outlook. I don't recall it blocking Word documents before, but for those file types that are blocked, a registry edit will be required. I know .exe files are blocked. So adding the exe extension into the specific registry key removes this restriction. You may want to post this in the proper forum and someone will assist you more with this problem.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
gawilson01



Joined: Jun 29, 2009
Posts: 13



PostPosted: Wed Jul 08, 2009 1:03 am    Post subject:

Here are the results of the scan of this file:

Filename: proquota.exe
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 8 Jul 2009 03:43:17 (CET) Permalink

It appears that it is ok...

I have not been experiencing any problems as of late so I will go ahead and delete ComboFix.

Thanks for all your help with this matter!

Amber

P.S. I am not using Outlook. I am using Gmail. Not sure what the problem is... If you could give me the link to the right place I would appreciate it.
Thanks again!
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Thu Jul 09, 2009 10:16 pm    Post subject:

No problem Amber. Glad the issue is resolved now.

For the Gmail issue, try asking in the Problem Solvers board. I'm definitely sure Word documents shouldn't be blocked. I use it from time to time and don't have any issues viewing my Word documents.

Topic locked since issue is resolved.
All times are: Eastern Time (US & Canada)