Help!

please help; trying to get rid of search engine hijacks.

Jeromee



Joined: Jul 27, 2009
Posts: 4



PostPosted: Mon Jul 27, 2009 6:03 am    Post subject: please help; trying to get rid of search engine hijacks.

This is really annoying, please help me figure out what I need to remove, so I don't put any further damage on my PC. I really would appreciate it. Here's the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:27 AM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\USRSTA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [USRSTA.EXE] USRSTA.EXE START

O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [cftmon] C:\WINDOWS\system32\hsimp.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe

O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe

O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-20\..\Run: [banufemoje] Rundll32.exe "C:\WINDOWS\system32\riwumagu.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RKLauncher.lnk = C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/...ctivex/

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si

O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) - https://ssl.salesforce.com/dwnld/mailmerge/AXMailMerge.cab

O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Thank you for your time! :)
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Mon Jul 27, 2009 9:43 pm    Post subject:

Welcome to Lockergnome.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Viewpoint

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O4 - HKLM\..\Run: [cftmon] C:\WINDOWS\system32\hsimp.exe
O4 - HKUS\S-1-5-20\..\Run: [banufemoje] Rundll32.exe "C:\WINDOWS\system32\riwumagu.dll",s (User 'NETWORK SERVICE')
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\hsimp.exe
C:\WINDOWS\system32\riwumagu.dll
C:\Program Files\runit\


Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
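As an added example (not from this thread and not part of HijackThis), the script below parses O4 autostart lines like the ones posted above and flags the two patterns the helper singled out: an entry name that imitates the legitimate ctfmon entry while launching a different image, and a DLL loaded through rundll32 from a service-account Run key. The sample lines are copied from the log in this thread; KNOWN_ENTRIES and SERVICE_SIDS are a deliberately small illustrative list, not a complete allow-list.

```python
"""Heuristic triage of HijackThis O4 (autostart) entries.

Added example for this thread; it is not part of HijackThis or of the original
posts. It parses O4 lines and flags the two patterns that stand out in the log
above: an entry name imitating a legitimate Windows autostart (cftmon vs ctfmon)
and a DLL launched via rundll32 from a service-account Run key.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [cftmon] C:\WINDOWS\system32\hsimp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [banufemoje] Rundll32.exe "C:\WINDOWS\system32\riwumagu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Small illustrative allow-list (assumption, not exhaustive): well-known autostart
# names and the image each one is expected to launch.
KNOWN_ENTRIES = {"ctfmon": "ctfmon.exe", "explorer": "explorer.exe", "userinit": "userinit.exe"}
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")  # SYSTEM, LOCAL SERVICE, NETWORK SERVICE

O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): (?P<rest>.+)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<command>.+?)(?: \(User '(?P<user>[^']+)'\))?$")
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) = (?P<command>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S+))?', re.I)
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|bat|cmd))\b', re.I)


@dataclass
class Entry:
    location: str
    name: str
    command: str
    user: Optional[str] = None
    findings: List[str] = field(default_factory=list)

    @property
    def image(self) -> str:
        """Basename of what actually runs: the DLL for rundll32 lines, else the first executable."""
        m = RUNDLL_RE.match(self.command) or IMAGE_RE.match(self.command)
        path = m.group(1) if m else self.command.split(" ")[0]
        return path.rsplit("\\", 1)[-1].lower()


def parse_o4(line: str) -> Optional[Entry]:
    """Parse one HijackThis O4 line; returns None for non-O4 or unrecognised lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    r = RUN_RE.match(m.group("rest")) or LNK_RE.match(m.group("rest"))
    if not r:
        return None
    user = r.group("user") if "user" in r.groupdict() else None
    return Entry(m.group("location"), r.group("name"), r.group("command"), user)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; spots names that are one or two edits away from a known one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(entry: Entry) -> List[str]:
    """Apply the heuristics and record findings on the entry."""
    base = entry.name.lower()
    if base.endswith(".exe"):
        base = base[:-4]
    for known, image in KNOWN_ENTRIES.items():
        if entry.image == image:
            continue  # genuine image, whatever the entry name says
        if base == known:
            entry.findings.append(f"name '{entry.name}' matches {known} but launches {entry.image}")
        elif levenshtein(base, known) <= 2:
            entry.findings.append(f"name '{entry.name}' imitates {known} but launches {entry.image}")
    m = RUNDLL_RE.match(entry.command)
    if m:
        reasons = []
        if any(sid in entry.location for sid in SERVICE_SIDS):
            reasons.append("under a service-account Run key")
        if m.group("export") and len(m.group("export")) == 1:
            reasons.append(f"single-letter export '{m.group('export')}'")
        if reasons:
            entry.findings.append(f"rundll32 loads {entry.image} " + ", ".join(reasons))
    return entry.findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Parse every O4 line in a HijackThis log and return {entry name: findings}."""
    results: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry:
            results[entry.name] = triage(entry)
    return results


if __name__ == "__main__":
    for name, findings in triage_log(SAMPLE_LOG).items():
        status = "FLAG" if findings else "ok  "
        print(f"{status} {name}" + "".join(f"\n      - {f}" for f in findings))
```

Entries it does not flag (such as runit_32.lnk) are not cleared by this; reputation and file inspection, which is what the helper relied on, still decide those.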
Jeromee



Joined: Jul 27, 2009
Posts: 4



PostPosted: Tue Jul 28, 2009 4:13 am    Post subject:

here's the log:

ComboFix 09-07-27.02 - Dee-Jay 07/28/2009 3:53.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.688 [GMT -4:00]
Running from: c:\documents and settings\Dee-Jay\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dee-Jay\Start Menu\Programs\Startup\runit_32.lnk
c:\windows\Installer\684ae5b.msi
c:\windows\Installer\b42e8f.msp
c:\windows\rikt4682.exe
c:\windows\rpka2120.exe
c:\windows\system32\drivers\vsfoceqjduiqhi.sys
c:\windows\system32\vhosts.exe
c:\windows\system32\vsfocebmumesrt.dll
c:\windows\system32\vsfoceiubrxnli.dll
c:\windows\system32\vsfoceknsxfmyh.dat
c:\windows\system32\vsfoceqsyntymd.dat
c:\windows\vgep4557.exe
c:\windows\xufdo4324.exe



.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_vsfocebabwwkmp
-------\Legacy_MSUPDATE
-------\Service_msupdate


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-28 07:18 . 2009-07-28 07:18 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\AVG8
2009-07-28 03:18 . 2009-07-28 03:24 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-27 14:47 . 2009-07-28 02:37 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\18410674
2009-07-27 08:43 . 2009-07-27 08:43 -------- d-----w- c:\program files\Trend Micro
2009-07-27 08:29 . 2009-07-27 08:29 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-26 10:40 . 2009-07-26 10:40 412160 ----a-w- c:\windows\jcmf4460.exe
2009-07-26 10:40 . 2009-07-26 10:40 332888 ----a-w- c:\windows\system32\20090713050445-SSM.exe
2009-07-26 10:40 . 2009-07-26 10:40 370343 ----a-w- c:\windows\pegm1388.exe
2009-07-13 15:11 . 2009-07-13 15:11 -------- dc----w- c:\documents and settings\Dominic & Dillon\Local Settings\Application Data\MTV Networks
2009-07-06 07:13 . 2009-07-06 07:13 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\InstallShield
2009-07-06 04:22 . 2009-07-06 04:22 -------- dc----w- C:\My Video
2009-07-06 00:18 . 2009-07-06 00:18 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-03 10:27 . 2009-07-03 10:27 -------- d-----w- c:\program files\MarkAny
2009-07-02 19:41 . 2009-07-13 15:23 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\Apple Computer
2009-07-02 13:34 . 2009-07-02 13:35 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Mozilla Firefox
2009-07-01 23:29 . 2009-07-01 23:29 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\DivX
2009-06-29 19:17 . 2009-06-29 19:17 -------- dc----w- c:\documents and settings\Dominic & Dillon\Local Settings\Application Data\The Weather Channel
2009-06-28 15:59 . 2009-06-28 15:59 -------- dc----w- c:\documents and settings\Dominic & Dillon\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 07:38 . 2009-01-25 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 06:58 . 2008-02-03 09:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-27 14:25 . 2003-01-24 06:30 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\LimeWire
2009-07-27 08:52 . 2003-01-24 06:37 -------- d-----w- c:\program files\Yahoo!
2009-07-27 08:32 . 2009-02-15 02:00 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 08:30 . 2006-05-26 12:56 -------- d-----w- c:\program files\Java
2009-07-26 12:37 . 2009-04-05 21:13 -------- d-----w- c:\program files\Safari
2009-07-26 10:42 . 2009-07-26 10:42 4 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\NP.sys
2009-07-13 17:36 . 2009-01-25 03:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-25 03:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 07:17 . 2008-01-26 06:55 -------- d-----w- c:\program files\Common Files\Apple
2009-07-06 07:15 . 2007-07-07 07:52 -------- d-----w- c:\program files\Common Files\AOL
2009-07-06 07:12 . 2003-01-30 00:23 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\Datel
2009-07-06 07:12 . 2009-06-23 17:42 -------- d-----w- c:\program files\Graboid
2009-07-06 07:06 . 2006-03-29 00:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-06 07:05 . 2009-04-13 03:59 -------- d-----w- c:\program files\AVS4YOU
2009-07-06 04:23 . 2008-01-12 22:13 -------- d-----w- c:\program files\MyFree Codec
2009-07-03 10:27 . 2006-03-29 00:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 10:26 . 2003-01-24 05:06 -------- d-----w- c:\program files\Samsung
2009-07-03 00:03 . 2003-02-11 00:58 -------- d-----w- c:\program files\LimeWire
2009-06-29 07:55 . 2008-02-08 16:16 -------- d-----w- c:\program files\DivX
2009-06-29 07:53 . 2003-01-24 07:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-25 17:38 . 2009-06-25 17:38 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\Yahoo!
2009-06-24 16:47 . 2009-06-24 16:47 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment
2009-06-24 16:47 . 2009-06-24 16:47 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\InstallShield Installation Information
2009-06-23 18:30 . 2009-06-23 17:42 -------- d-----w- c:\program files\VideoLAN
2009-06-23 18:29 . 2009-06-23 18:28 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\vlc
2009-06-23 18:27 . 2009-06-23 18:27 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\MozillaControl
2009-06-17 23:21 . 2009-06-17 23:21 23160 -c--a-w- c:\documents and settings\Dominic & Dillon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 23:42 . 2009-04-05 23:46 -------- d-----w- c:\program files\iTunes
2009-06-01 23:42 . 2009-06-01 23:42 -------- d-----w- c:\program files\iPod
2009-06-01 23:38 . 2009-06-01 23:37 -------- d-----w- c:\program files\QuickTime
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-23 23:00 . 2009-01-26 21:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Alt+Q Hotkey Tool"="c:\windows\Alt+Q Hotkey.exe" [2005-12-18 27648]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-02-24 188416]
"WinRoll"="c:\program files\WinRoll\winroll.exe" [2006-01-01 15872]
"Yz Shadow"="c:\program files\YzShadow\YzShadow.exe" [2006-02-24 172032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2002-11-01 208560]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2006-08-04 684032]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 148888]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2002-10-17 4608]
"USRSTA.EXE"="USRSTA.EXE" - c:\windows\system32\USRSTA.exe [2002-04-26 195584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RKLauncher.lnk - c:\program files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe [2007-3-16 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/9/2008 3:39 PM 24652]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [1/24/2003 1:25 AM 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/17/2009 12:43 AM 33176]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SMC2635W;SMC2635W 11Mbps Wireless Cardbus Adapter;c:\windows\system32\DRIVERS\SMC2635W.sys --> c:\windows\system32\DRIVERS\SMC2635W.sys [?]
S3 USR;U.S. Robotics Wireless Access 802.11b Driver;c:\windows\system32\drivers\USRNDS.sys [4/25/2002 10:43 PM 51712]
S3 w32n5117;SMC2635W Wireless Adapter NDIS5 Protocol Driver;\??\c:\windows\system32\w32n5117.SYS --> c:\windows\system32\w32n5117.SYS [?]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SansaDispatch - c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} - hxxps://ssl.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - hxxp://www.bigad.com.au/player/vivid_ocx.jpeg
FF - ProfilePath - c:\docume~1\Dee-Jay\APPLIC~1\Mozilla\Firefox\Profiles\y7uuqjo5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Dee-Jay\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 04:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(3840)
c:\program files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.dll
c:\program files\YzShadow\YzShadow.dll
c:\program files\UberIcon\UberIcon.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\WinRoll\winroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\credui.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\eTrust Antivirus\InoRpc.exe
c:\program files\CA\eTrust Antivirus\InoRT.exe
c:\program files\CA\eTrust Antivirus\InoTask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-28 4:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 08:12

Pre-Run: 12,096,843,776 bytes free
Post-Run: 12,619,096,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

273 --- E O F --- 2009-03-25 22:53
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Tue Jul 28, 2009 10:06 pm    Post subject:

Unless you recognize the files/folders below, run the CFScript.txt to remove them:

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
File::
c:\docume~1\ALLUSE~1\APPLIC~1\18410674
Folder::
c:\windows\jcmf4460.exe
c:\windows\system32\20090713050445-SSM.exe
c:\windows\pegm1388.exe

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.
Jeromee



Joined: Jul 27, 2009
Posts: 4



PostPosted: Thu Jul 30, 2009 3:23 am    Post subject:

here are both logs:

ComboFix 09-07-29.03 - Dee-Jay 07/30/2009 2:53.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.298 [GMT -4:00]
Running from: c:\documents and settings\Dee-Jay\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Dee-Jay\My Documents\Downloads\CFScript.txt

FILE ::
"c:\docume~1\ALLUSE~1\APPLIC~1\18410674"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\ntkrnlpa.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{C94A547C-E4F3-4C48-B8F8-50B283FCF810}\RP3\A0000789.exe

Infected copy of c:\windows\system32\ntoskrnl.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{C94A547C-E4F3-4C48-B8F8-50B283FCF810}\RP3\A0000790.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-29 16:45 . 2009-07-29 16:45 -------- dc----w- c:\documents and settings\Dominic & Dillon\Local Settings\Application Data\Apple
2009-07-29 05:42 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-29 05:42 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-29 03:23 . 2009-07-29 03:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-28 19:48 . 2009-07-28 19:48 -------- dcsh--w- c:\documents and settings\Dominic & Dillon\IETldCache
2009-07-28 12:12 . 2009-07-28 12:12 -------- dc----w- c:\documents and settings\Dee-Jay\Local Settings\Application Data\ArcSoft
2009-07-28 12:12 . 2009-07-28 12:12 -------- dc----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-07-28 10:55 . 2009-07-28 12:31 -------- d-----w- c:\program files\IrfanView
2009-07-28 09:51 . 2009-07-28 09:51 -------- dcsh--w- c:\documents and settings\Dee-Jay\IETldCache
2009-07-28 09:38 . 2009-07-28 09:38 -------- d-----w- c:\windows\ie8updates
2009-07-28 09:38 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-28 09:30 . 2009-07-28 09:37 -------- dc-h--w- c:\windows\ie8
2009-07-28 08:24 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-28 08:24 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-28 08:24 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-28 08:24 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-28 08:24 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-28 08:24 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-28 08:24 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-28 08:24 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-28 08:14 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-28 08:14 . 2008-04-21 12:08 242688 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2009-07-28 07:37 . 2009-07-28 07:37 3775175 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-28 07:18 . 2009-07-28 07:18 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\AVG8
2009-07-28 03:18 . 2009-07-28 03:24 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 14:47 . 2009-07-28 02:37 -------- dc----w- c:\documents and settings\All Users\Application Data\18410674
2009-07-27 08:43 . 2009-07-27 08:43 -------- d-----w- c:\program files\Trend Micro
2009-07-27 08:29 . 2009-07-27 08:29 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-26 10:42 . 2009-07-26 10:42 4 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\NP.sys
2009-07-26 10:40 . 2009-07-26 10:40 412160 ----a-w- c:\windows\jcmf4460.exe
2009-07-26 10:40 . 2009-07-26 10:40 332888 ----a-w- c:\windows\system32\20090713050445-SSM.exe
2009-07-26 10:40 . 2009-07-26 10:40 370343 ----a-w- c:\windows\pegm1388.exe
2009-07-13 15:11 . 2009-07-13 15:11 -------- dc----w- c:\documents and settings\Dominic & Dillon\Local Settings\Application Data\MTV Networks
2009-07-13 14:19 . 2009-07-13 14:19 7680 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
2009-07-13 10:18 . 2009-07-07 02:44 937984 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-13 10:18 . 2009-07-07 02:44 65536 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-13 10:18 . 2009-07-07 02:44 4722688 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-13 10:18 . 2009-07-07 02:44 344064 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-13 10:18 . 2009-07-07 02:44 106496 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-13 10:18 . 2009-07-07 02:44 103424 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-06 07:13 . 2009-07-06 07:13 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\InstallShield
2009-07-06 04:22 . 2009-07-06 04:22 -------- dc----w- C:\My Video
2009-07-06 00:18 . 2009-07-06 00:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-03 10:27 . 2009-07-03 10:27 -------- d-----w- c:\program files\MarkAny
2009-07-02 19:41 . 2009-07-13 15:23 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\Apple Computer
2009-07-01 23:29 . 2009-07-01 23:29 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\DivX
2009-07-01 07:02 . 2009-06-30 23:19 106496 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\Mozilla\Plugins\npcoolirisplugin.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 03:23 . 2009-07-02 13:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Mozilla Firefox
2009-07-29 12:49 . 2003-01-24 06:18 -------- d-----w- c:\program files\ArcSoft
2009-07-29 12:49 . 2003-01-24 06:21 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-07-29 12:49 . 2006-03-29 00:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 12:21 . 2007-07-01 06:00 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\ArcSoft
2009-07-28 07:38 . 2009-01-25 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 06:58 . 2008-02-03 09:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-27 14:25 . 2003-01-24 06:30 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\LimeWire
2009-07-27 08:52 . 2003-01-24 06:37 -------- d-----w- c:\program files\Yahoo!
2009-07-27 08:32 . 2009-02-15 02:00 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 08:32 . 2009-06-11 05:37 152576 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-27 08:30 . 2006-05-26 12:56 -------- d-----w- c:\program files\Java
2009-07-26 12:37 . 2009-04-05 21:13 -------- d-----w- c:\program files\Safari
2009-07-13 17:36 . 2009-01-25 03:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-25 03:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 14:19 . 2009-07-13 14:19 610304 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\LimeWire\browser\xulrunner\js3250.dll
2009-07-06 07:17 . 2008-01-26 06:55 -------- d-----w- c:\program files\Common Files\Apple
2009-07-06 07:15 . 2007-07-07 07:52 -------- d-----w- c:\program files\Common Files\AOL
2009-07-06 07:12 . 2003-01-30 00:23 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\Datel
2009-07-06 07:12 . 2009-06-23 17:42 -------- d-----w- c:\program files\Graboid
2009-07-06 07:06 . 2006-03-29 00:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-06 07:05 . 2009-04-13 03:59 -------- d-----w- c:\program files\AVS4YOU
2009-07-06 04:23 . 2008-01-12 22:13 -------- d-----w- c:\program files\MyFree Codec
2009-07-03 17:09 . 2005-10-21 03:39 892928 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 10:26 . 2003-01-24 05:06 -------- d-----w- c:\program files\Samsung
2009-07-03 00:03 . 2003-02-11 00:58 -------- d-----w- c:\program files\LimeWire
2009-06-29 07:55 . 2008-02-08 16:16 -------- d-----w- c:\program files\DivX
2009-06-29 07:53 . 2003-01-24 07:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-25 17:38 . 2009-06-25 17:38 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\Yahoo!
2009-06-24 16:53 . 2009-06-24 16:53 449536 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
2009-06-24 16:53 . 2009-06-24 16:53 389120 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
2009-06-24 16:50 . 2009-06-24 16:50 626688 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Bin\msvcr80.dll
2009-06-24 16:50 . 2009-06-24 16:50 59904 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Bin\zlib1.dll
2009-06-24 16:50 . 2009-06-24 16:50 548864 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Bin\msvcp80.dll
2009-06-24 16:50 . 2009-06-24 16:50 389120 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Bin\mss32.dll
2009-06-24 16:50 . 2009-06-24 16:50 1101824 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Bin\mfc80.dll
2009-06-24 16:50 . 2009-06-24 16:50 1376256 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Bin\libXmlDocument.dll
2009-06-24 16:50 . 2009-06-24 16:50 1645320 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Bin\gdiplus.dll
2009-06-24 16:50 . 2009-06-24 16:50 1045128 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment\Wizard101\Bin\dbghelp.dll
2009-06-24 16:47 . 2009-06-24 16:47 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\KingsIsle Entertainment
2009-06-24 16:47 . 2009-06-24 16:47 -------- dc----w- c:\documents and settings\Dominic & Dillon\Application Data\InstallShield Installation Information
2009-06-24 16:47 . 2009-06-24 16:47 555520 -c----w- c:\documents and settings\Dominic & Dillon\Application Data\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\ISSetup.dll
2009-06-24 16:47 . 2009-06-24 16:47 393216 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe
2009-06-24 16:47 . 2009-06-24 16:47 148792 -c--a-w- c:\documents and settings\Dominic & Dillon\Application Data\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\_Setup.dll
2009-06-24 13:25 . 2009-07-02 13:34 632312 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\nss3.dll
2009-06-24 13:25 . 2009-07-02 13:34 722424 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\mozcrt19.dll
2009-06-24 13:25 . 2009-07-02 13:34 169464 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\nspr4.dll
2009-06-24 13:25 . 2009-07-02 13:34 917496 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\js3250.dll
2009-06-24 13:25 . 2009-07-02 13:34 908280 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\firefox.exe
2009-06-24 13:25 . 2009-07-02 13:34 120312 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\crashreporter.exe
2009-06-24 13:25 . 2009-07-02 13:34 17912 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\AccessibleMarshal.dll
2009-06-24 13:25 . 2009-07-02 13:34 552152 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\uninstall\helper.exe
2009-06-24 11:27 . 2009-07-02 13:34 249856 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\freebl3.dll
2009-06-24 11:27 . 2009-07-02 13:34 155648 -c--a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\softokn3.dll
2009-06-23 18:30 . 2009-06-23 17:42 -------- d-----w- c:\program files\VideoLAN
2009-06-23 18:29 . 2009-06-23 18:28 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\vlc
2009-06-23 18:27 . 2009-06-23 18:27 -------- dc----w- c:\documents and settings\Dee-Jay\Application Data\MozillaControl
2009-06-17 23:21 . 2009-06-17 23:21 23160 -c--a-w- c:\documents and settings\Dominic & Dillon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 14:36 . 2004-08-04 05:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2004-08-04 05:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 23:42 . 2009-04-05 23:46 -------- d-----w- c:\program files\iTunes
2009-06-01 23:42 . 2009-06-01 23:42 -------- d-----w- c:\program files\iPod
2009-06-01 23:38 . 2009-06-01 23:37 -------- d-----w- c:\program files\QuickTime
2009-06-01 23:27 . 2009-06-01 23:27 75048 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-07 15:32 . 2004-08-04 05:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 20:12 . 2009-05-06 20:12 965344 -c--a-w- c:\documents and settings\Dee-Jay\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-23 23:00 . 2009-01-26 21:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-04 05:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\FlyakiteOSX\Backup\user32.dll
[-] 2008-04-14 00:12 578048 051844654F244CE58DB6969A1EE76546 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578048 051844654F244CE58DB6969A1EE76546 c:\windows\system32\user32.dll

[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2009-07-03 17:06 915456 38114DAB42FB2EB84D1726C42B8D80C5 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2009-07-03 17:09 915456 7E8A47A2E6561274B83E257CE74803FD c:\windows\FlyakiteOSX\Backup\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\ie7\wininet.dll
[7] 2006-10-17 18:33 818688 FED30AFC65931E390B3C90DC63E29E42 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[7] 2007-01-12 14:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:38 817152 5044269D9DC59326D8EE54C28ACD7003 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 23:15 803840 56F0AF868FD187F389D10A2844D7CEA8 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\ie8\wininet.dll
[-] 2009-03-08 08:34 892416 6C29AC2D37C65EDCDF25F14D4E2BD4F9 c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-07-03 17:09 892928 5F45AD3549FF6B4320CD25369B0E8EF0 c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3gdr\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3qfe\wininet.dll
[7] 2009-07-03 17:09 915456 7E8A47A2E6561274B83E257CE74803FD c:\windows\SoftwareDistribution\Download\c6bdb40c9241b85d304fd5cdfbebec2f\SP3GDR\wininet.dll
[7] 2009-07-03 17:06 915456 38114DAB42FB2EB84D1726C42B8D80C5 c:\windows\SoftwareDistribution\Download\c6bdb40c9241b85d304fd5cdfbebec2f\SP3QFE\wininet.dll
[-] 2009-07-03 17:09 892928 5F45AD3549FF6B4320CD25369B0E8EF0 c:\windows\system32\wininet.dll
[-] 2009-07-03 17:09 892928 5F45AD3549FF6B4320CD25369B0E8EF0 c:\windows\system32\dllcache\wininet.dll

[-] 2008-04-14 00:12 1366016 8E348959F6304E138DE70637F8D10ACC c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 975360 9784E0719124E4A23989AEF9E7CA02D6 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 05:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\FlyakiteOSX\Backup\explorer.exe
[-] 2008-04-14 00:12 1366016 8E348959F6304E138DE70637F8D10ACC c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12 1366016 8E348959F6304E138DE70637F8D10ACC c:\windows\system32\dllcache\explorer.exe

[7] 2004-08-04 05:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\$NtServicePackUninstall$\comres.dll
[7] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\FlyakiteOSX\Backup\comres.dll
[-] 2008-04-14 00:11 828928 00E7E4EA8842904FCB823CE68CD2FF92 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 828928 00E7E4EA8842904FCB823CE68CD2FF92 c:\windows\system32\comres.dll

[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-04 05:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\FlyakiteOSX\Backup\comctl32.dll
[-] 2008-04-14 00:11 735744 6CF17ADB4D64B93C6E449627D7722237 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 00:11 735744 6CF17ADB4D64B93C6E449627D7722237 c:\windows\system32\comctl32.dll
[7] 2004-08-04 05:57 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\InstallTemp\920538\comctl32.dll
[-] 2001-08-23 12:00 919552 3DB20630FBA2A7B03CA25105B0149129 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 05:57 1048576 1B84FA33E4F0DFCB7047B92675F8281B c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot RemoveThis @2009-07-28_08.06.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-07-30 07:03 . 2009-07-30 07:03 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
- 2009-07-28 08:04 . 2009-07-28 08:04 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
+ 2004-08-04 05:56 . 2009-03-08 08:34 43520 c:\windows\system32\url.dll
- 2004-08-04 05:56 . 2008-12-20 23:15 43520 c:\windows\system32\url.dll
+ 2006-03-28 20:41 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2006-12-29 23:12 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-04 05:56 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2001-08-23 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2005-10-21 03:39 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
- 2001-08-23 12:00 . 2009-07-13 14:23 59618 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-07-28 09:56 59618 c:\windows\system32\perfc009.dat
+ 2006-06-29 13:05 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 13:05 . 2006-06-29 13:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 22:59 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 22:59 . 2006-06-28 22:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-03-28 19:08 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2006-03-28 19:08 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-04 05:56 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2004-08-04 05:56 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 05:56 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
- 2004-08-04 05:56 . 2006-10-17 17:28 48128 c:\windows\system32\mshtmler.dll
+ 2005-10-21 03:39 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 05:56 . 2006-10-17 17:56 45568 c:\windows\system32\mshta.exe
+ 2004-08-04 05:56 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 17:58 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-10-17 18:33 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2006-03-28 19:08 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2006-03-28 19:08 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 05:56 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-04 05:56 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2005-10-21 03:39 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-04 05:56 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2006-10-17 18:01 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-04 05:56 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-04 05:56 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 13:05 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 13:05 . 2006-06-29 13:05 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 17:58 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
- 2004-08-04 05:56 . 2008-12-20 23:15 43520 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 05:56 . 2009-03-08 08:34 43520 c:\windows\system32\dllcache\url.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2001-08-23 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2005-10-21 03:39 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-04 05:56 . 2006-10-17 17:28 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 05:56 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2005-10-21 03:39 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 05:56 . 2006-10-17 17:56 45568 c:\windows\system32\dllcache\mshta.exe
+ 2004-08-04 05:56 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-06-06 18:42 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 05:56 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 05:56 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2005-10-21 03:39 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 05:56 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2007-06-06 18:42 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-06-06 18:42 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 05:56 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 05:56 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-10-10 23:55 . 2009-03-08 08:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2006-03-28 19:10 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 05:56 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-04 05:56 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2004-08-04 05:56 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
- 2009-01-25 05:21 . 2008-12-20 23:15 43520 c:\windows\ServicePackFiles\i386\url.dll
+ 2009-01-25 05:21 . 2009-03-08 08:34 43520 c:\windows\ServicePackFiles\i386\url.dll
+ 2009-01-25 05:19 . 2004-08-04 13:56 65024 c:\windows\ServicePackFiles\i386\mydocs.dll
+ 2009-01-25 05:16 . 2008-04-14 00:11 72192 c:\windows\ServicePackFiles\i386\batmeter.dll
- 2006-03-28 22:46 . 2009-07-16 22:22 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-03-28 22:46 . 2009-07-16 22:22 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-03-28 22:46 . 2009-07-16 22:22 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-03-28 22:46 . 2009-07-16 22:22 37888 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 37888 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-03-28 22:46 . 2009-07-16 22:22 18944 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 18944 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-07-29 22:03 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-29 22:03 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-29 22:03 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-07-28 09:35 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-07-28 09:30 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
+ 2009-07-28 09:30 . 2006-10-17 17:28 48128 c:\windows\ie8\mshtmler.dll
+ 2009-07-28 09:30 . 2006-10-17 17:56 45568 c:\windows\ie8\mshta.exe
+ 2009-07-28 09:30 . 2006-10-17 17:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-07-28 09:30 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-07-28 09:30 . 2006-10-17 18:05 40960 c:\windows\ie8\licmgr10.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
+ 2009-07-28 09:30 . 2006-10-17 18:00 92672 c:\windows\ie8\inseng.dll
+ 2009-07-28 09:30 . 2006-10-17 17:57 36352 c:\windows\ie8\imgutil.dll
+ 2009-07-28 09:30 . 2006-10-17 18:01 55296 c:\windows\ie8\iesetup.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
+ 2009-07-28 09:30 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-07-28 09:30 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
+ 2009-07-28 09:30 . 2006-10-17 17:44 60416 c:\windows\ie8\hmmapi.dll
+ 2009-07-28 09:30 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2009-07-28 09:30 . 2006-10-17 18:01 71680 c:\windows\ie8\admparse.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 43520 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2009-07-28 09:25 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2009-07-28 09:25 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2009-07-28 09:25 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2009-07-28 09:25 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2009-07-28 09:25 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
- 2009-04-08 06:30 . 2009-07-16 22:22 90112 c:\windows\FlyakiteOSX\Backup\xlicons.exe
+ 2009-04-08 06:30 . 2009-07-28 09:42 90112 c:\windows\FlyakiteOSX\Backup\xlicons.exe
- 2009-04-08 06:30 . 2009-07-16 22:22 45056 c:\windows\FlyakiteOSX\Backup\wordicon.exe
+ 2009-04-08 06:30 . 2009-07-28 09:42 45056 c:\windows\FlyakiteOSX\Backup\wordicon.exe
- 2009-04-08 06:30 . 2009-07-16 22:22 30720 c:\windows\FlyakiteOSX\Backup\pptico.exe
+ 2009-04-08 06:30 . 2009-07-28 09:42 30720 c:\windows\FlyakiteOSX\Backup\pptico.exe
+ 2009-04-08 06:30 . 2009-07-28 09:42 34304 c:\windows\FlyakiteOSX\Backup\misc.exe
- 2009-04-08 06:30 . 2009-07-16 22:22 34304 c:\windows\FlyakiteOSX\Backup\misc.exe
+ 2009-07-28 09:38 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB972636-IE8\iecompat.dll
+ 2009-04-08 06:30 . 2009-07-28 09:42 3584 c:\windows\FlyakiteOSX\Backup\opwicon.exe
- 2009-04-08 06:30 . 2009-07-16 22:22 3584 c:\windows\FlyakiteOSX\Backup\opwicon.exe
+ 2009-04-08 06:30 . 2009-07-28 09:42 8192 c:\windows\FlyakiteOSX\Backup\mspicons.exe
- 2009-04-08 06:30 . 2009-07-16 22:22 8192 c:\windows\FlyakiteOSX\Backup\mspicons.exe
- 2009-04-08 06:30 . 2009-07-16 22:22 2560 c:\windows\FlyakiteOSX\Backup\cagicon.exe
+ 2009-04-08 06:30 . 2009-07-28 09:42 2560 c:\windows\FlyakiteOSX\Backup\cagicon.exe
+ 2003-02-12 03:34 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
- 2003-02-12 03:34 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2004-08-04 05:56 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2004-08-04 05:56 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2006-10-17 18:05 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2006-06-19 20:19 . 2009-03-11 02:18 934792 c:\windows\system32\WgaTray.exe
+ 2006-06-19 20:20 . 2009-03-11 02:18 239496 c:\windows\system32\WgaLogon.dll
+ 2004-08-04 05:56 . 2009-03-08 08:34 369664 c:\windows\system32\webcheck.dll
+ 2006-03-28 19:08 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2006-03-28 19:08 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2006-03-28 19:08 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-04 05:56 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-04 05:56 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2004-08-04 05:56 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2004-08-04 05:56 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
- 2001-08-23 12:00 . 2009-07-13 14:23 393484 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2009-07-28 09:56 393484 c:\windows\system32\perfh009.dat
+ 2004-08-04 05:56 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
- 2004-08-04 05:56 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
+ 2004-08-04 05:56 . 2009-07-03 17:09 183808 c:\windows\system32\occache.dll
+ 2004-08-04 05:56 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
+ 2005-10-21 03:39 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2005-10-21 03:39 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
- 2001-08-23 12:00 . 2006-10-17 18:33 156160 c:\windows\system32\msls31.dll
+ 2001-08-23 12:00 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2006-10-17 18:33 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2006-03-28 19:08 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2006-03-28 19:08 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2006-03-28 19:08 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2006-03-28 19:08 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2006-03-28 19:08 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-04 05:56 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
- 2004-08-04 05:56 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2004-08-04 05:56 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2004-08-04 05:56 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2006-10-17 18:33 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2005-10-21 03:39 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 05:56 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 17:27 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2001-08-23 12:00 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-04 05:56 . 2009-03-08 08:33 275968 c:\windows\system32\ieaksie.dll
+ 2004-08-04 05:56 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-04 05:56 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
- 2006-03-28 13:53 . 2009-04-08 06:46 129784 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-28 13:53 . 2009-07-28 09:51 129784 c:\windows\system32\FNTCACHE.DAT
- 2005-10-21 03:39 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2005-10-21 03:39 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
+ 2005-10-21 03:39 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-04 05:56 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2006-03-28 19:08 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2006-06-19 20:19 . 2009-03-11 02:18 934792 c:\windows\system32\dllcache\WgaTray.exe
+ 2006-06-19 20:20 . 2009-03-11 02:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
+ 2004-08-04 05:56 . 2009-03-08 08:34 369664 c:\windows\system32\dllcache\webcheck.dll
+ 2006-03-28 19:10 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-04 05:56 . 2009-07-03 17:09 183808 c:\windows\system32\dllcache\occache.dll
+ 2005-10-21 03:39 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2005-10-21 03:39 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2001-08-23 12:00 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2001-08-23 12:00 . 2006-10-17 18:33 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-06-06 18:42 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-03-28 19:10 . 2009-03-08 18:09 415584 c:\windows\system32\dllcache\iexplore.exe
+ 2005-10-21 03:39 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 05:56 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-06-06 18:42 . 2009-03-08 08:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-23 12:00 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 05:56 . 2009-03-08 08:33 275968 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 05:56 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 05:56 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2005-10-21 03:39 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2005-10-21 03:39 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2005-10-21 03:39 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 05:56 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 05:56 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 05:56 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2004-08-04 05:56 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
- 2004-08-04 05:56 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2009-01-25 05:21 . 2008-04-21 12:08 242688 c:\windows\ServicePackFiles\i386\wordpad.exe
+ 2009-01-25 05:21 . 2009-03-08 08:34 369664 c:\windows\ServicePackFiles\i386\webcheck.dll
+ 2009-01-25 05:19 . 2009-07-03 17:09 183808 c:\windows\ServicePackFiles\i386\occache.dll
+ 2009-01-25 05:18 . 2008-04-14 00:12 321024 c:\windows\ServicePackFiles\i386\mstask.dll
+ 2009-01-25 05:17 . 2009-03-08 18:09 415584 c:\windows\ServicePackFiles\i386\iexplore.exe
+ 2009-01-25 05:17 . 2009-03-08 08:33 275968 c:\windows\ServicePackFiles\i386\ieaksie.dll
+ 2009-01-25 05:16 . 2008-04-14 00:11 180736 c:\windows\ServicePackFiles\i386\credui.dll
+ 2009-01-25 05:16 . 2008-04-14 00:12 382976 c:\windows\ServicePackFiles\i386\cmd.exe
+ 2009-04-20 18:59 . 2009-04-20 18:59 219648 c:\windows\Installer\577aa5.msp
+ 2009-02-10 12:50 . 2009-02-10 12:50 536576 c:\windows\Installer\577a7f.msp
+ 2009-07-29 22:01 . 2009-07-29 22:01 248832 c:\windows\Installer\3b9307a.msi
- 2006-03-28 22:46 . 2009-07-16 22:22 151552 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 151552 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2006-03-28 22:46 . 2009-07-16 22:22 147456 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 147456 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-03-28 22:46 . 2009-07-16 22:22 111104 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 111104 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 352256 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-03-28 22:46 . 2009-07-16 22:22 352256 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-03-28 22:46 . 2009-07-16 22:22 165376 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 165376 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-03-28 22:46 . 2009-07-28 09:42 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2006-03-28 22:46 . 2009-07-16 22:22 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-07-28 09:38 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB972636-IE8\spuninst\updspapi.dll
+ 2009-07-28 09:38 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB972636-IE8\spuninst\spuninst.exe
+ 2009-07-29 22:03 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-29 22:03 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-29 22:03 . 2009-03-08 08:34 130048 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-29 22:03 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-29 22:03 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-29 22:03 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-29 22:03 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-29 22:03 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-07-28 09:30 . 2006-10-17 18:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-07-28 09:30 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
+ 2009-07-28 09:30 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2009-07-28 09:30 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-07-28 09:30 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
+ 2009-07-28 09:35 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-07-28 09:35 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-07-28 09:30 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-07-28 09:30 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
+ 2009-07-28 09:30 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
+ 2009-07-28 09:30 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
+ 2009-07-28 09:30 . 2006-10-17 18:33 156160 c:\windows\ie8\msls31.dll
+ 2009-07-28 09:30 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
+ 2009-07-28 09:30 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-07-28 09:30 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
+ 2009-07-28 09:30 . 2006-10-17 18:33 180736 c:\windows\ie8\ieui.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
+ 2009-07-28 09:30 . 2006-10-17 18:33 287744 c:\windows\ie8\ieproxy.dll
+ 2009-07-28 09:30 . 2006-10-17 18:33 191488 c:\windows\ie8\iepeers.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
+ 2009-07-28 09:30 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 366080 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-07-28 09:25 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-07-28 09:25 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-07-28 09:25 . 2008-12-20 23:15 123392 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-07-28 09:25 . 2008-12-19 05:25 411304 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-07-28 09:25 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-07-28 09:25 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 276992 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2009-04-08 06:30 . 2008-04-21 12:08 215552 c:\windows\FlyakiteOSX\Backup\wordpad.exe
+ 2009-04-08 06:29 . 2009-03-08 08:34 236544 c:\windows\FlyakiteOSX\Backup\webcheck.dll
+ 2009-04-08 06:29 . 2009-03-08 08:34 105984 c:\windows\FlyakiteOSX\Backup\url.dll
- 2009-04-08 06:29 . 2008-12-20 23:15 105984 c:\windows\FlyakiteOSX\Backup\url.dll
+ 2009-04-08 06:30 . 2009-07-28 09:42 114688 c:\windows\FlyakiteOSX\Backup\outicon.exe
- 2009-04-08 06:30 . 2009-07-16 22:22 114688 c:\windows\FlyakiteOSX\Backup\outicon.exe
+ 2009-04-08 06:28 . 2009-07-03 17:09 206848 c:\windows\FlyakiteOSX\Backup\occache.dll
+ 2009-04-08 06:29 . 2009-03-08 18:09 638816 c:\windows\FlyakiteOSX\Backup\iexplore.exe
+ 2009-04-08 06:28 . 2009-03-08 08:33 229376 c:\windows\FlyakiteOSX\Backup\ieaksie.dll
+ 2004-08-04 04:17 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2005-11-05 03:16 . 2009-07-03 17:09 1219584 c:\windows\system32\urlmon.dll
+ 2004-08-04 04:20 . 2009-02-06 11:08 2189056 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-07 23:02 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2005-11-24 01:06 . 2009-07-19 13:18 5848064 c:\windows\system32\mshtml.dll
+ 2006-06-19 20:19 . 2009-03-11 02:18 1482112 c:\windows\system32\LegitCheckControl.dll
+ 2006-10-17 17:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2006-09-06 05:01 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2009-01-25 03:15 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2005-11-05 03:16 . 2009-07-03 17:09 1219584 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 22:20 . 2008-04-14 00:12 1551360 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-04 04:20 . 2009-02-06 11:08 2146688 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-01-25 03:15 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-01-25 03:15 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2004-08-03 22:59 . 2009-02-07 23:02 2023680 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2004-08-03 22:59 . 2008-08-14 09:33 2023680 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-01-25 03:15 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-01-25 03:15 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2005-11-24 01:06 . 2009-07-19 13:18 5848064 c:\windows\system32\dllcache\mshtml.dll
+ 2007-06-06 18:42 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-06-06 18:42 . 2009-02-07 01:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 22:20 . 2008-04-14 00:11 1016832 c:\windows\system32\dllcache\browseui.dll
+ 2009-01-25 05:21 . 2009-07-03 17:09 1219584 c:\windows\ServicePackFiles\i386\urlmon.dll
+ 2009-01-25 05:19 . 2009-02-06 11:08 2146688 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
+ 2009-01-25 05:19 . 2009-02-07 23:02 2023680 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
- 2009-01-25 05:19 . 2008-08-14 09:33 2023680 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
+ 2009-01-25 05:19 . 2008-04-14 00:12 1704960 c:\windows\ServicePackFiles\i386\netshell.dll
+ 2009-01-25 05:18 . 2009-07-19 13:18 5848064 c:\windows\ServicePackFiles\i386\mshtml.dll
+ 2009-01-25 05:18 . 2008-04-14 00:11 2157056 c:\windows\ServicePackFiles\i386\msgina.dll
+ 2009-01-25 05:16 . 2008-04-14 00:11 1016832 c:\windows\ServicePackFiles\i386\browseui.dll
+ 2009-05-01 03:02 . 2009-05-01 03:02 9628672 c:\windows\Installer\577a93.msp
+ 2009-04-29 19:03 . 2009-04-29 19:03 8404992 c:\windows\Installer\4c44be.msp
+ 2009-07-29 22:03 . 2009-03-08 08:34 1217024 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-29 22:03 . 2009-03-08 08:41 5847552 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-29 22:03 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-07-28 09:30 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
+ 2009-07-28 09:30 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
+ 2009-07-28 09:30 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
+ 2009-07-28 09:30 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2009-07-28 09:25 . 2008-12-20 23:15 1170432 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-07-28 09:25 . 2009-01-17 02:35 3505152 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-07-28 09:25 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-07-28 09:25 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2009-07-30 07:06 . 2009-02-06 11:08 2189056 c:\windows\FlyakiteOSX\TempFiles\ntoskrnl.exe
+ 2009-07-30 07:05 . 2009-02-07 23:02 2066048 c:\windows\FlyakiteOSX\TempFiles\ntkrnlpa.exe
+ 2009-04-08 06:29 . 2009-07-03 17:09 1208832 c:\windows\FlyakiteOSX\Backup\urlmon.dll
+ 2009-04-08 06:30 . 2009-04-30 20:21 6096728 c:\windows\FlyakiteOSX\Backup\POWERPNT.EXE
+ 2009-04-08 06:31 . 2009-02-06 11:08 2189056 c:\windows\FlyakiteOSX\Backup\ntoskrnl.exe
+ 2009-04-08 06:31 . 2009-02-07 23:02 2066048 c:\windows\FlyakiteOSX\Backup\ntkrnlpa.exe
- 2009-04-08 06:31 . 2008-08-14 09:33 2066048 c:\windows\FlyakiteOSX\Backup\ntkrnlpa.exe
+ 2009-04-08 06:28 . 2009-07-19 13:18 5937152 c:\windows\FlyakiteOSX\Backup\mshtml.dll
+ 2009-04-08 06:30 . 2009-05-05 17:53 9361232 c:\windows\FlyakiteOSX\Backup\EXCEL.EXE
+ 2009-01-25 03:15 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-25 03:15 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-01-25 03:15 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-01-25 03:15 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-01-25 03:15 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-01-25 03:15 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-01-25 03:15 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-07-28 09:11 . 2009-07-07 12:10 24539592 c:\windows\system32\MRT.exe
+ 2006-10-17 18:33 . 2009-07-19 22:48 11067392 c:\windows\system32\ieframe.dll
+ 2007-06-06 18:42 . 2009-07-19 22:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-05-05 22:06 . 2009-05-05 22:06 17515008 c:\windows\Installer\577ab8.msp
+ 2009-07-29 22:03 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
+ 2009-04-08 06:30 . 2009-04-29 18:37 10735616 c:\windows\FlyakiteOSX\Backup\WINWORD.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Alt+Q Hotkey Tool"="c:\windows\Alt+Q Hotkey.exe" [2005-12-18 27648]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-02-24 188416]
"WinRoll"="c:\program files\WinRoll\winroll.exe" [2006-01-01 15872]
"Yz Shadow"="c:\program files\YzShadow\YzShadow.exe" [2006-02-24 172032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2002-11-01 208560]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2006-08-04 684032]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 148888]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2002-10-17 4608]
"USRSTA.EXE"="USRSTA.EXE" - c:\windows\system32\USRSTA.exe [2002-04-26 195584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RKLauncher.lnk - c:\program files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe [2007-3-16 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/9/2008 3:39 PM 24652]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [1/24/2003 1:25 AM 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/17/2009 12:43 AM 33176]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SMC2635W;SMC2635W 11Mbps Wireless Cardbus Adapter;c:\windows\system32\DRIVERS\SMC2635W.sys --> c:\windows\system32\DRIVERS\SMC2635W.sys [?]
S3 USR;U.S. Robotics Wireless Access 802.11b Driver;c:\windows\system32\drivers\USRNDS.sys [4/25/2002 10:43 PM 51712]
S3 w32n5117;SMC2635W Wireless Adapter NDIS5 Protocol Driver;\??\c:\windows\system32\w32n5117.SYS --> c:\windows\system32\w32n5117.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1580818891-854245398-1007Core.job
- c:\documents and settings\Dominic & Dillon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-06 00:20]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1580818891-854245398-1007UA.job
- c:\documents and settings\Dominic & Dillon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-06 00:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} - hxxps://ssl.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - hxxp://www.bigad.com.au/player/vivid_ocx.jpeg
FF - ProfilePath - c:\documents and settings\Dee-Jay\Application Data\Mozilla\Firefox\Profiles\y7uuqjo5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&
greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY
PostPosted: Thu Jul 30, 2009 6:18 pm    Post subject:

Made a mistake... use the following:

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
File::
c:\windows\jcmf4460.exe
c:\windows\system32\20090713050445-SSM.exe
c:\windows\pegm1388.exe
Folder::
c:\docume~1\ALLUSE~1\APPLIC~1\18410674

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is it running so far? Where is the GooredFix log?
Jeromee
Joined: Jul 27, 2009
Posts: 4
PostPosted: Thu Jul 30, 2009 11:57 pm    Post subject:

Actually, everything is awesome. I think the problem is definitely fixed now.
Thank you very much! I appreciate all the help!!
greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY
PostPosted: Fri Jul 31, 2009 3:36 pm    Post subject:

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Go to Start->Run, copy/paste in combofix /u and hit OK to remove it.
All times are Eastern Time (US & Canada).