Solved Browser Redirects


Llanonite

Random redirects with Firefox. I've been fighting this one for some time. It seems to travel from pc to pc through my home network at times disabling my routers.
 

Attachments
  • Attach.txt
  • DDS.txt
  • mbam-log-2010-10-06 (10-42-32).txt
  • gmer.log
Welcome to TechSpot! I'll help with the malware. I expected to see evidence of a DNS Changer infection from your description, but there isn't anything obvious. Have you recently done a reformat/reinstall? I don't get to say this very often, but there aren't many installed programs or running processes.

Can you explain what you mean about disabling the router? If you do have malware in one system, your description indicates other systems on the network are also affected.

There is evidence of a rootkit infection.
Please paste the logs into the next reply. OK to use multiple posts if needed.

Please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double click combofix.exe & follow the prompts to run.
     NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
     Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
======================================
Download the HijackThis Installer and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Stay off the network. The system will need to be cleaned individually. Don't use a flash drive while we're cleaning.
 
When I say it seems to disable my routers I mean there have been times when I could not connect to the network without resetting my routers. I began to worry that the malware or trojan had somehow found a way into my routers. After an initial cleaning of my hard-wired PCs I flashed the BIOS on my routers and reconfigured them to get them going again. Today I started having issues with connecting my wireless access. I've had to reset my router twice already.


ComboFix 10-10-05.06 - Debbie 10/06/2010 18:01:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.736 [GMT -4:00]
Running from: c:\documents and settings\Debbie.DEBBIES\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin Games\iWinGamesHookIE.dll

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IWINGAMESINSTALLER
-------\Service_iWinGamesInstaller


((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 14:36 . 2010-10-06 14:36 -------- d-----w- c:\documents and settings\Debbie.DEBBIES\Application Data\Malwarebytes
2010-10-06 14:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 14:35 . 2010-10-06 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 14:35 . 2010-10-06 14:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-10-06 14:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 14:35 . 2004-08-04 03:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 22:05 . 2010-02-14 23:31 -------- d-----w- c:\program files\iWin Games
2010-10-06 17:11 . 2010-06-28 14:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-07 15:12 . 2010-07-25 13:52 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-10-03 21:42 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-10-03 21:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-10-03 22:08 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-10-03 21:42 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-10-03 21:42 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-10-03 21:42 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-10-03 22:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-10-03 21:42 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-17 02:30 . 2010-07-15 01:39 -------- d-----w- c:\documents and settings\Debbie.DEBBIES\Application Data\Hoyle Puzzle and Board Games
2010-08-16 15:24 . 2010-08-16 15:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SOS
2010-08-04 14:43 . 2010-08-04 14:43 4096 ----a-w- c:\windows\d3dx.dat
2010-07-14 00:22 . 2010-07-14 00:22 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-07-14 00:22 . 2010-07-14 00:22 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-07-11 04:37 . 2010-07-11 04:37 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-30 638976]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\documents and settings\Debbie.DEBBIES\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2010-2-15 108544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2008 6:08 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2008 6:08 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 7:10 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:10]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lubbockonline.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Debbie.DEBBIES\Application Data\Mozilla\Firefox\Profiles\eljfz2pb.default\
FF - prefs.js: browser.startup.homepage - www.Lubbockonline.com
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-854245398-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:11,72,75,2a,ed,a4,68,1a,f8,f6,17,c3,8b,83,fa,1f,de,18,66,6a,36,e8,ad,
fb,de,83,48,b4,3c,20,4c,06,c3,96,57,7b,b3,07,cb,05,36,90,46,09,7d,13,d4,9b,\
"??"=hex:f6,f4,bc,0a,60,09,bc,89,a6,37,78,c5,dd,08,de,45

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\ICO.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2010-10-06 18:11:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 22:11

Pre-Run: 143,742,013,440 bytes free
Post-Run: 143,711,916,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BFF72FAF4AA9227CE6F1DADC140262D3

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:20:06 PM, on 10/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lubbockonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

--
End of file - 4747 bytes
 
I noticed you have iWin Games. This is a well known source of adware, possibly other pests, especially the iWin site itself. Combofix has removed some entries. With your permission, I'd like to include all iWin Games entries in the script I am setting up for you to run through Combofix. This will remove iWin Games.

While I am helping you, please stay out of the BIOS and the router until we find the cause. The router problem is most likely due to a setting or firmware, but if you keep resetting it, we won't be able to find the source of the problem. You may not be able to use the network while we try to ID the source. You have a rootkit.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    iastor.*
    i8042prt.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 04.09.10 by jpshortstuff
Log created at 10:05 on 08/10/2010 by Debbie
Administrator - Elevation successful

========== filefind ==========

Searching for "iastor.*"
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iastor.cat --a---- 11694 bytes [14:41 09/02/2008] [03:32 18/10/2007] 648DC3401A410A1A15DB9AB5FD0D61A6
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iastor.inf --a---- 7676 bytes [14:41 09/02/2008] [03:38 30/09/2007] 7B045FDC2DE32615D924734BCDDEB3DE
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys --a---- 308248 bytes [14:41 09/02/2008] [05:03 30/09/2007] E5A0034847537EAEE3C00349D5C34C5F
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\iastor.cat --a---- 11694 bytes [14:41 09/02/2008] [03:32 18/10/2007] D381B5B3A6037096D6163A37AC1FAC93
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\iastor.inf --a---- 7676 bytes [14:41 09/02/2008] [03:38 30/09/2007] 7B045FDC2DE32615D924734BCDDEB3DE
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a---- 384024 bytes [14:41 09/02/2008] [05:03 30/09/2007] 16A4671255CFB842225F0FDB6DBDB414
C:\WINDOWS\NLDRV\001\iastor.cat --a---- 11128 bytes [18:46 08/02/2008] [18:46 08/02/2008] 13E7374A879A8EE74EEDB032118DE0D4
C:\WINDOWS\NLDRV\001\iastor.inf --a---- 7676 bytes [18:46 08/02/2008] [18:46 08/02/2008] A3687F81896CD69048320583E2E70CBC
C:\WINDOWS\NLDRV\001\iastor.PNF --a---- 13084 bytes [16:41 03/10/2008] [16:41 03/10/2008] 31ADF7E466E45DADF0A09D37198499F2
C:\WINDOWS\NLDRV\001\iastor.sys --a---- 305176 bytes [18:46 08/02/2008] [18:46 08/02/2008] 2358C53F30CB9DCD1D3843C4E2F299B2
C:\WINDOWS\system32\drivers\iaStor.sys --a---- 305176 bytes [18:46 08/02/2008] [18:46 08/02/2008] 2358C53F30CB9DCD1D3843C4E2F299B2

Searching for "i8042prt.*"
C:\cmdcons\I8042PRT.SY_ --a---- 26025 bytes [03:14 04/08/2004] [03:14 04/08/2004] 819D427AB9DBE6AC2960A585087CB766
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52736 bytes [11:00 04/08/2004] [03:14 04/08/2004] 5502B58EEF7486EE6F93F3F164DCB808
C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52736 bytes [11:00 04/08/2004] [03:14 04/08/2004] 5502B58EEF7486EE6F93F3F164DCB808
C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\i386\i8042prt.sys --a---- 52736 bytes [21:14 03/10/2008] [11:00 04/08/2004] 5502B58EEF7486EE6F93F3F164DCB808
C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\i386\i8042prt.sys --a---- 52736 bytes [21:16 03/10/2008] [03:14 04/08/2004] 5502B58EEF7486EE6F93F3F164DCB808

-= EOF =-
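An added example (not SystemLook's code and not part of the helper's instructions): a Python parser for the filefind output above that compares the live copy of each driver in system32\drivers against one chosen known-good copy, which is the check behind the i8042prt.sys and iastor.sys look-ups in this thread. The reference copies are an assumption for illustration: the dllcache copy for i8042prt.sys, and the NLDRV\001 copy that the next reply uses as the FCopy source for iastor.sys; the example also shows why "all copies share one hash" is the wrong test, since the Intel package ships a different iastor.sys version.

```python
"""Parse SystemLook ':filefind' output and compare driver copies by MD5.

Added example for this thread; it is not SystemLook's code and not part of
the helper's instructions. The log text is copied from the SystemLook
post above (paths, sizes and MD5s as posted there).
"""
import re
from typing import List, NamedTuple, Optional, Set

# Sample input: the filefind section of the SystemLook log posted above.
SYSTEMLOOK_LOG = r"""
SystemLook 04.09.10 by jpshortstuff
========== filefind ==========

Searching for "iastor.*"
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys --a---- 308248 bytes [14:41 09/02/2008] [05:03 30/09/2007] E5A0034847537EAEE3C00349D5C34C5F
C:\WINDOWS\NLDRV\001\iastor.sys --a---- 305176 bytes [18:46 08/02/2008] [18:46 08/02/2008] 2358C53F30CB9DCD1D3843C4E2F299B2
C:\WINDOWS\system32\drivers\iaStor.sys --a---- 305176 bytes [18:46 08/02/2008] [18:46 08/02/2008] 2358C53F30CB9DCD1D3843C4E2F299B2

Searching for "i8042prt.*"
C:\cmdcons\I8042PRT.SY_ --a---- 26025 bytes [03:14 04/08/2004] [03:14 04/08/2004] 819D427AB9DBE6AC2960A585087CB766
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52736 bytes [11:00 04/08/2004] [03:14 04/08/2004] 5502B58EEF7486EE6F93F3F164DCB808
C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52736 bytes [11:00 04/08/2004] [03:14 04/08/2004] 5502B58EEF7486EE6F93F3F164DCB808
C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\i386\i8042prt.sys --a---- 52736 bytes [21:14 03/10/2008] [11:00 04/08/2004] 5502B58EEF7486EE6F93F3F164DCB808

-= EOF =-
"""

# One filefind result line: <path> <attrs> <size> bytes [created] [modified] <MD5>
# Paths may contain spaces, so the path group is non-greedy and the tail is strict.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>\S{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Where Windows XP loads the live driver from (the copy a rootkit would patch).
LIVE_DRIVER_DIR = r"C:\WINDOWS\system32\drivers"


class FileEntry(NamedTuple):
    path: str
    size: int
    md5: str

    @property
    def name(self) -> str:
        # Case-folded file name; the log shows both "IaStor.sys" and "iastor.sys".
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_filefind(log: str) -> List[FileEntry]:
    """Return one FileEntry per result line; headers, blanks and EOF are skipped."""
    entries: List[FileEntry] = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(FileEntry(m["path"], int(m["size"]), m["md5"].upper()))
    return entries


def find_entry(entries: List[FileEntry], path: str) -> Optional[FileEntry]:
    """Case-insensitive lookup of a single path in the parsed results."""
    wanted = path.lower()
    return next((e for e in entries if e.path.lower() == wanted), None)


def distinct_hashes(entries: List[FileEntry], name: str) -> Set[str]:
    """All MD5s seen for copies of <name> (exact .sys name only, so the
    compressed I8042PRT.SY_ from the Recovery Console folder is ignored)."""
    return {e.md5 for e in entries if e.name == name.lower()}


def check_live_driver(entries: List[FileEntry], name: str, reference_path: str) -> str:
    """Compare the live copy in system32\\drivers against one chosen known-good copy.

    Returns "match", "MISMATCH" or "missing". A mismatch against a trusted
    reference is the signal the helper is looking for; hashes merely differing
    between copies is not, because vendor packages ship other versions (see
    distinct_hashes for iastor.sys, which legitimately has two).
    """
    live = find_entry(entries, LIVE_DRIVER_DIR + "\\" + name)
    ref = find_entry(entries, reference_path)
    if live is None or ref is None:
        return "missing"
    return "match" if live.md5 == ref.md5 else "MISMATCH"


if __name__ == "__main__":
    parsed = parse_filefind(SYSTEMLOOK_LOG)
    # Reference copies are an assumption for this example (see lead-in).
    checks = {
        "i8042prt.sys": r"C:\WINDOWS\system32\dllcache\i8042prt.sys",
        "iastor.sys": r"C:\WINDOWS\NLDRV\001\iastor.sys",
    }
    for drv, ref in checks.items():
        print(f"{drv}: live vs reference -> {check_live_driver(parsed, drv, ref)}; "
              f"{len(distinct_hashes(parsed, drv))} distinct hash(es) across copies")
```

On the log above both live drivers match their references, so the hashes give no reason to suspect them even though iastor.sys shows two different hashes across the machine.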
 
I think you made a wise decision. I see a lot of logs with infections from iWin.

Please run this Custom CFScript

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the code below into it:
Code:
KillAll::
File::
c:\documents and settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
Folder::
c:\program files\iWin Games
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=-
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=-

RegNull::
[HKEY_USERS\S-1-5-21-1417001333-854245398-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

FCopy::
C:\WINDOWS\NLDRV\001\iastor.sys | C:\WINDOWS\system32\drivers\iaStor.sys

Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
===========================================
Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:
C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe


Close all Windows except for HijackThis and click on "Fix Checked."
=========================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 
ComboFix 10-10-05.06 - Debbie 10/08/2010 19:21:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.646 [GMT -4:00]
Running from: c:\documents and settings\Debbie.DEBBIES\Desktop\Rootkit\ComboFix.exe
Command switches used :: c:\documents and settings\Debbie.DEBBIES\Desktop\Rootkit\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
c:\program files\iWin Games
c:\program files\iWin Games\AdminWorker.exe
c:\program files\iWin Games\firefox\chrome\iwinarcade.jar
c:\program files\iWin Games\firefox\install.rdf
c:\program files\iWin Games\firefox\iWinArcadeLauncher.exe
c:\program files\iWin Games\ftdownload.dat
c:\program files\iWin Games\host.cfg
c:\program files\iWin Games\iWinGames.exe
c:\program files\iWin Games\iWinGamesInstaller.exe
c:\program files\iWin Games\pages\alert32x32.gif
c:\program files\iWin Games\pages\blank.html
c:\program files\iWin Games\pages\blank2.html
c:\program files\iWin Games\pages\error.html
c:\program files\iWin Games\pages\iwin_logo.gif
c:\program files\iWin Games\pages\login.html
c:\program files\iWin Games\pages\maintenance.html
c:\program files\iWin Games\pages\offline_tag.gif
c:\program files\iWin Games\pages\offlineBg.gif
c:\program files\iWin Games\sounds\animation.wav
c:\program files\iWin Games\sounds\animationBack.wav
c:\program files\iWin Games\sounds\button_click.wav
c:\program files\iWin Games\sounds\download_completed.wav
c:\program files\iWin Games\sounds\slidebackin.wav
c:\program files\iWin Games\sounds\slideout.wav
c:\program files\iWin Games\sounds\start.wav
c:\program files\iWin Games\Uninstall.exe
c:\program files\iWin Games\WebInstaller.exe
c:\program files\iWin Games\WebUpdater.bmp
c:\program files\iWin Games\WebUpdater.exe

.
--------------- FCopy ---------------

c:\windows\NLDRV\001\iastor.sys --> c:\windows\system32\drivers\iaStor.sys
.
((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-08 04:15 . 2010-10-08 23:19 -------- d--h--w- c:\windows\$hf_mig$
2010-10-06 22:14 . 2010-10-06 22:14 388096 ----a-r- c:\documents and settings\Debbie.DEBBIES\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-06 22:14 . 2010-10-06 22:14 -------- d-----w- c:\program files\Trend Micro
2010-10-06 14:36 . 2010-10-06 14:36 -------- d-----w- c:\documents and settings\Debbie.DEBBIES\Application Data\Malwarebytes
2010-10-06 14:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 14:35 . 2010-10-06 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 14:35 . 2010-10-06 14:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-10-06 14:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 14:35 . 2004-08-04 03:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 17:11 . 2010-06-28 14:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-07 15:12 . 2010-07-25 13:52 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-10-03 21:42 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-10-03 21:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-10-03 22:08 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-10-03 21:42 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-10-03 21:42 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-10-03 21:42 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-10-03 22:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-10-03 21:42 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-17 02:30 . 2010-07-15 01:39 -------- d-----w- c:\documents and settings\Debbie.DEBBIES\Application Data\Hoyle Puzzle and Board Games
2010-08-16 15:24 . 2010-08-16 15:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SOS
2010-08-04 14:43 . 2010-08-04 14:43 4096 ----a-w- c:\windows\d3dx.dat
2010-07-14 00:22 . 2010-07-14 00:22 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-07-14 00:22 . 2010-07-14 00:22 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-07-11 04:37 . 2010-07-11 04:37 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
.

------- Sigcheck -------

[-] 2008-02-08 . 9F960FAC5166F8626B9CDE4DD9A0EB84 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-30 638976]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\documents and settings\Debbie.DEBBIES\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe.vir [2010-2-15 108544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2008 6:08 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2008 6:08 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 7:10 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:10]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lubbockonline.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Debbie.DEBBIES\Application Data\Mozilla\Firefox\Profiles\eljfz2pb.default\
FF - prefs.js: browser.startup.homepage - www.Lubbockonline.com
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-iWinArcade - c:\program files\iWin Games\Uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\ICO.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2010-10-08 19:32:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-08 23:32
ComboFix2.txt 2010-10-06 22:11

Pre-Run: 143,174,934,528 bytes free
Post-Run: 143,193,456,640 bytes free

- - End Of File - - 0CAAD255C44789F21F79ADD9636BD498

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9896da504e4cd74081fa34bed2e9c2cd
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-10-09 12:32:09
# local_time=2010-10-08 08:32:09 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 92768 92768 0 0
# compatibility_mode=768 16777215 100 0 20310666 20310666 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=42728
# found=1
# cleaned=0
# scan_time=1913
C:\System Volume Information\_restore{9DCB3FC2-22A2-45D5-902C-194EE2D29A79}\RP135\A0019645.sys Win32/Olmarik.ZC trojan 586180CB7BBB83D9F57EFF015802F321 I
 
Okay, got many iWin entries off. But there is one you will need to handle manually. I've not seen a Combofix log continue to show a file loading when it's in the Qoobox, which is where Combofix sends the quarantined files. But here is one:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
c:\documents and settings\Debbie.DEBBIES\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe.vir [2010-2-15 108544]


You will need to display hidden files and folders: Using Windows Explorer: Windows key + E>
  • Click on Tools> Folder Options> View tab>
  • Check 'show hidden files and folders'>
  • Uncheck 'hide operating system files (Recommended)'>
  • Click on My Computer> Local Drive> Documents & Settings> All Users>
  • Application data> do a right click> Delete on any iWin files or folders to remove>
  • Click on Apply> OK when finished.
Now go back and rehide the files and folders, then close Windows Explorer.
==================================
Please run this Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServ
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\Proxy
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Has the redirect been resolved? Any other related problem? Please rescan with HijackThis to make sure nothing has gotten by. If no more problems and logs are okay, I'll have you remove the cleaning tools.
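The two manual steps in the post above, transcribing every key from the log's LOCKED REGISTRY KEYS section into a RegLock:: block and spotting a Startup shortcut that still points at a file ComboFix has already moved to C:\Qoobox\Quarantine, are easy to get wrong by hand (a truncated key name is enough for the script to do nothing). The Python below is an added example, not code from this thread, from TechSpot or from ComboFix: it parses a constructed log excerpt modelled on the log posted above (the key names, the iWin shortcut and the Qoobox path are taken from that log; the CFScript layout with File:: followed by RegLock:: is the one the post uses) and emits the CFScript text. What it does not do is decide which locked keys are hostile; that judgement stays with the analyst, and keys locked by their legitimate owner are common in these logs (the Flash FlashBroker COM registration seen here is a frequently reported benign case, since Adobe's installer sets restrictive ACLs on it).

```python
# Added example: mechanise the two manual steps from the post above.
# Not code from the thread, from TechSpot or from ComboFix; the log text
# below is a constructed excerpt modelled on the ComboFix log posted above.
import re
from dataclasses import dataclass

# Constructed sample: the Startup entry the post singles out, plus the
# LOCKED REGISTRY KEYS section, trimmed to what the parser needs.
SAMPLE_LOG = r"""
c:\documents and settings\Debbie.DEBBIES\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe.vir [2010-2-15 108544]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
"""

LOCKED_HEADER = re.compile(r"^-+\s*LOCKED REGISTRY KEYS\s*-+$")
KEY_LINE = re.compile(r"^\[(HK[A-Z_]+\\[^\]]+)\]$")
# "<name>.lnk - <target> [<date> <size>]" as ComboFix prints Startup-folder items
LNK_LINE = re.compile(r"^(?P<lnk>.+?\.lnk) - (?P<target>.+?)(?: \[[^\]]*\])?$", re.I)
QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"   # where ComboFix parks quarantined files


@dataclass
class LockedKey:
    path: str
    denied: bool = False   # True when ComboFix printed an "@Denied:" ACE under the key


def is_section_header(line: str) -> bool:
    """ComboFix section titles look like '------- Title -------'."""
    return line.startswith("-") and line.endswith("-") and any(c.isalpha() for c in line)


def parse_locked_keys(log_text: str) -> list[LockedKey]:
    """Collect every key listed under LOCKED REGISTRY KEYS, noting explicit Deny ACEs."""
    keys: list[LockedKey] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if LOCKED_HEADER.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if is_section_header(line):      # next section starts: stop
            break
        m = KEY_LINE.match(line)
        if m:
            keys.append(LockedKey(m.group(1)))
        elif line.startswith("@Denied:") and keys:
            keys[-1].denied = True
    return keys


def find_quarantine_shortcuts(log_text: str) -> list[tuple[str, str]]:
    """Startup .lnk entries whose target already sits in ComboFix's quarantine."""
    hits = []
    for raw in log_text.splitlines():
        m = LNK_LINE.match(raw.strip())
        if not m:
            continue
        target = m.group("target")
        if target.lower().startswith(QUARANTINE_ROOT) or target.lower().endswith(".vir"):
            hits.append((m.group("lnk"), target))
    return hits


def build_cfscript(keys: list[LockedKey], files: tuple[str, ...] = ()) -> str:
    """Emit CFScript text in the layout used in the post: File:: then RegLock::."""
    lines = ["File::", *files, "RegLock::", *(f"[{k.path}]" for k in keys)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    locked = parse_locked_keys(SAMPLE_LOG)
    for lnk, target in find_quarantine_shortcuts(SAMPLE_LOG):
        print(f"dangling startup shortcut: {lnk} -> {target}")
    for k in locked:
        print(f"locked key{' (explicit Deny ACE)' if k.denied else ''}: {k.path}")
    print(build_cfscript(locked), end="")
```

Run it against a full ComboFix.txt instead of the embedded excerpt by reading the file into `SAMPLE_LOG`'s place; the generated text is saved as CFScript.txt next to ComboFix.exe exactly as the post describes. The dangling-shortcut check is the part worth keeping after this thread: a .lnk whose target ends in `.vir` under C:\Qoobox means the executable is already quarantined and only the launcher in the Startup folder remains, which is why the post has you delete the leftover iWin items by hand rather than chase a running process.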
 
ComboFix 10-10-05.06 - Debbie 10/09/2010 11:52:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.634 [GMT -4:00]
Running from: c:\documents and settings\Debbie.DEBBIES\Desktop\Rootkit\ComboFix.exe
Command switches used :: c:\documents and settings\Debbie.DEBBIES\Desktop\Rootkit\cfscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-09 01:15 . 2010-10-09 01:15 -------- d-----w- c:\windows\system32\KB905474
2010-10-09 01:10 . 2004-08-04 04:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-10-09 01:08 . 2010-10-09 01:08 -------- d-----w- c:\windows\ServicePackFiles
2010-10-08 23:52 . 2010-10-08 23:52 -------- d-----w- c:\program files\ESET
2010-10-08 23:42 . 2010-10-09 00:06 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-10-08 23:37 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-08 23:37 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-08 23:19 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-08 23:19 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-08 23:19 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-08 23:19 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-08 23:19 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-10-08 04:15 . 2010-10-09 01:16 -------- d--h--w- c:\windows\$hf_mig$
2010-10-06 22:14 . 2010-10-06 22:14 388096 ----a-r- c:\documents and settings\Debbie.DEBBIES\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-06 22:14 . 2010-10-06 22:14 -------- d-----w- c:\program files\Trend Micro
2010-10-06 14:36 . 2010-10-06 14:36 -------- d-----w- c:\documents and settings\Debbie.DEBBIES\Application Data\Malwarebytes
2010-10-06 14:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 14:35 . 2010-10-06 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 14:35 . 2010-10-06 14:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-10-06 14:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 14:35 . 2004-08-04 03:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 01:10 . 2010-10-09 01:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-10-06 17:11 . 2010-06-28 14:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-07 15:12 . 2010-07-25 13:52 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-10-03 21:42 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-10-03 21:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-10-03 22:08 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-10-03 21:42 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-10-03 21:42 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-10-03 21:42 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-10-03 22:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-10-03 21:42 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-17 02:30 . 2010-07-15 01:39 -------- d-----w- c:\documents and settings\Debbie.DEBBIES\Application Data\Hoyle Puzzle and Board Games
2010-08-16 15:24 . 2010-08-16 15:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SOS
2010-08-04 14:43 . 2010-08-04 14:43 4096 ----a-w- c:\windows\d3dx.dat
2010-07-14 00:22 . 2010-07-14 00:22 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-07-14 00:22 . 2010-07-14 00:22 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[-] 2008-02-08 . 9F960FAC5166F8626B9CDE4DD9A0EB84 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-10-06_22.08.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 23:24 . 2009-08-06 23:24 44768 c:\windows\system32\wups2.dll
+ 2008-10-03 20:48 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll
+ 2008-10-03 20:48 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-08-04 11:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2010-10-08 14:09 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 11:00 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-04 11:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2008-10-03 21:11 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2008-10-03 21:14 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2010-10-08 00:43 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-04 11:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2004-08-04 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2010-10-09 01:10 . 2004-08-04 04:56 21504 c:\windows\system32\ReinstallBackups\0044\DriverFiles\i386\hidserv.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 69632 c:\windows\system32\raschap.dll
+ 2004-08-04 11:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 39424 c:\windows\system32\pngfilt.dll
- 2004-08-04 11:00 . 2010-05-08 17:32 53166 c:\windows\system32\perfc009.dat
+ 2004-08-04 11:00 . 2010-10-09 01:24 53166 c:\windows\system32\perfc009.dat
+ 2008-10-03 20:46 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-04 11:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:56 . 2009-11-27 17:33 17920 c:\windows\system32\msyuv.dll
+ 2004-08-04 11:00 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 11264 c:\windows\system32\msrle32.dll
+ 2004-08-04 11:00 . 2009-11-27 16:37 11264 c:\windows\system32\msrle32.dll
+ 2004-08-04 11:00 . 2005-05-04 18:45 15360 c:\windows\system32\msisip.dll
+ 2004-08-04 11:00 . 2005-05-04 18:45 78848 c:\windows\system32\msiexec.exe
- 2008-10-03 20:46 . 2004-08-04 11:00 58880 c:\windows\system32\msdtclog.dll
+ 2008-10-03 20:46 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2003-02-20 23:43 . 2003-02-20 23:43 16896 c:\windows\system32\mscorier.dll
+ 2004-07-15 03:34 . 2004-07-15 03:34 16896 c:\windows\system32\mscorier.dll
+ 2004-08-04 11:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2004-08-04 11:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 95744 c:\windows\system32\mqsec.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 16896 c:\windows\system32\mqise.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 47104 c:\windows\system32\mqdscli.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 19968 c:\windows\system32\mqbkup.exe
+ 2004-08-04 11:00 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
+ 2004-08-04 11:00 . 2010-04-16 15:36 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-11-27 16:37 48128 c:\windows\system32\iyuv_32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 96256 c:\windows\system32\inseng.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 81920 c:\windows\system32\ieencode.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 81920 c:\windows\system32\ieencode.dll
+ 2004-08-04 11:00 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
+ 2008-10-03 16:38 . 2010-10-09 01:19 90296 c:\windows\system32\FNTCACHE.DAT
- 2008-10-03 16:38 . 2008-10-03 20:55 90296 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 11:00 . 2004-08-04 11:00 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 55808 c:\windows\system32\extmgr.dll
+ 2009-05-09 05:14 . 2009-05-09 05:14 14736 c:\windows\system32\drivers\nuidfltr.sys
+ 2004-08-04 11:00 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2004-08-04 11:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2008-10-03 20:48 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-10-03 20:48 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 11:00 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-04 11:00 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-04 11:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-04 11:00 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-04 11:00 . 2004-08-04 11:00 69632 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-04 11:00 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-03 20:46 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-04 11:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 11:00 . 2009-11-27 16:37 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-04 11:00 . 2009-11-27 16:37 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-04 11:00 . 2005-05-04 18:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-04 11:00 . 2005-05-04 18:45 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2008-10-03 20:46 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-10-03 20:46 . 2004-08-04 11:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 11:00 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-04 11:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 16896 c:\windows\system32\dllcache\mqise.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2004-08-04 11:00 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
- 2004-08-04 11:00 . 2004-08-04 11:00 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-04 11:00 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
+ 2004-08-04 11:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2004-08-04 11:00 . 2010-04-16 15:36 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-02-09 13:50 . 2010-04-16 13:36 18432 c:\windows\system32\dllcache\iedw.exe
- 2008-02-09 13:50 . 2004-08-04 11:00 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 11:00 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 11:00 . 2009-12-14 07:35 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-10-03 20:46 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-08-04 11:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 11:00 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-04 11:00 . 2009-11-27 16:37 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-04 11:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-04 11:00 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 11:00 . 2009-12-14 07:35 33280 c:\windows\system32\csrsrv.dll
+ 2008-10-03 20:46 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-08-04 11:00 . 2009-08-06 23:24 96480 c:\windows\system32\cdm.dll
+ 2004-08-04 11:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2004-08-04 11:00 . 2009-11-27 16:37 84992 c:\windows\system32\avifil32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 84992 c:\windows\system32\avifil32.dll
+ 2004-08-04 11:00 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 58880 c:\windows\system32\atl.dll
+ 2004-08-04 11:00 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
- 2003-02-21 01:10 . 2003-02-21 01:10 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 06:11 . 2004-07-15 06:11 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-06-22 17:51 . 2004-06-22 17:51 53248 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-07-15 18:28 . 2004-07-15 18:28 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 12:24 . 2003-02-21 12:24 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 12:26 . 2003-02-21 12:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 18:28 . 2004-07-15 18:28 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 04:35 . 2004-07-15 04:35 66560 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 18:28 . 2004-07-15 18:28 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 12:26 . 2003-02-21 12:26 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 18:28 . 2004-07-15 18:28 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 04:34 . 2004-07-15 04:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-15 04:33 . 2004-07-15 04:33 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-21 00:09 . 2003-02-21 00:09 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-15 04:32 . 2004-07-15 04:32 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 18:28 . 2004-07-15 18:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 12:25 . 2003-02-21 12:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 12:25 . 2003-02-21 12:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 18:28 . 2004-07-15 18:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 18:31 . 2004-07-15 18:31 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-21 12:24 . 2003-02-21 12:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-10-08 18:30 . 2003-10-08 18:30 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 15:20 . 2003-02-21 15:20 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 15:23 . 2004-07-15 15:23 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
 
+ 2004-07-15 04:32 . 2004-07-15 04:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-15 05:49 . 2004-07-15 05:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 00:19 . 2003-02-21 00:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 05:49 . 2004-07-15 05:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-21 00:19 . 2003-02-21 00:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 05:49 . 2004-07-15 05:49 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-21 00:19 . 2003-02-21 00:19 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-10-09 01:08 . 2010-10-09 01:08 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6e66fa76\System.Drawing.Design.dll
+ 2010-10-09 01:08 . 2010-10-09 01:08 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_dc59ba42\CustomMarshalers.dll
- 2009-01-18 01:20 . 2009-01-18 01:20 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-09 01:07 . 2010-10-09 01:07 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-01-18 01:20 . 2009-01-18 01:20 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-09 01:07 . 2010-10-09 01:07 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-09 01:07 . 2010-10-09 01:07 66560 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2010-10-09 01:07 . 2010-10-09 01:07 90112 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-09 01:07 . 2010-10-09 01:07 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2009-01-18 01:20 . 2009-01-18 01:20 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2010-10-09 01:07 . 2010-10-09 01:07 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-01-18 01:20 . 2009-01-18 01:20 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2001-08-17 22:36 . 2009-11-27 16:37 8704 c:\windows\system32\tsbyuv.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 4608 c:\windows\system32\mqsvc.exe
+ 2004-08-04 11:00 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\system32\dllcache\tsbyuv.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2004-08-04 11:00 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2004-07-15 18:31 . 2004-07-15 18:31 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-10-09 01:07 . 2010-10-09 01:07 8192 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
 
+ 2010-10-08 14:02 . 2010-04-16 13:21 352768 c:\windows\system32\xpsp3res.dll
+ 2008-10-03 20:48 . 2009-08-06 23:24 209632 c:\windows\system32\wuweb.dll
+ 2008-10-03 20:48 . 2009-08-06 23:24 327896 c:\windows\system32\wucltui.dll
+ 2008-10-03 20:48 . 2009-08-06 23:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-04 11:00 . 2009-04-03 16:15 485376 c:\windows\system32\wmspdmod.dll
+ 2004-08-04 11:00 . 2009-07-13 06:18 233472 c:\windows\system32\wmpdxm.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-04 11:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-04 11:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 662016 c:\windows\system32\wininet.dll
+ 2004-08-04 11:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 351232 c:\windows\system32\winhttp.dll
+ 2008-10-03 20:46 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2008-10-03 20:46 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-10-03 20:46 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 11:00 . 2010-03-10 08:02 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 624640 c:\windows\system32\urlmon.dll
+ 2004-08-04 11:00 . 2009-10-16 02:51 119808 c:\windows\system32\t2embed.dll
+ 2004-08-04 11:00 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2004-08-04 11:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2004-08-04 11:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2004-08-04 11:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-04 11:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
+ 2004-08-04 11:00 . 2009-10-12 13:54 112128 c:\windows\system32\rastls.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 112128 c:\windows\system32\rastls.dll
+ 2004-08-04 11:00 . 2010-10-09 01:24 380918 c:\windows\system32\perfh009.dat
- 2004-08-04 11:00 . 2010-05-08 17:32 380918 c:\windows\system32\perfh009.dat
- 2004-08-04 11:00 . 2004-08-04 11:00 283648 c:\windows\system32\pdh.dll
+ 2004-08-04 11:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 266752 c:\windows\system32\oakley.dll
+ 2004-08-04 11:00 . 2009-10-13 10:53 266752 c:\windows\system32\oakley.dll
+ 2004-08-04 11:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-04 11:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2004-08-04 11:00 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 11:00 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-04 11:00 . 2009-09-11 14:33 133632 c:\windows\system32\msv1_0.dll
+ 2008-10-03 20:46 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 146432 c:\windows\system32\msrating.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 146432 c:\windows\system32\msrating.dll
- 2008-10-03 20:46 . 2004-08-04 11:00 343040 c:\windows\system32\mspaint.exe
+ 2008-10-03 20:46 . 2009-12-16 12:58 343040 c:\windows\system32\mspaint.exe
+ 2004-08-04 11:00 . 2005-05-04 18:45 884736 c:\windows\system32\msimsg.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 884736 c:\windows\system32\msimsg.dll
+ 2004-08-04 11:00 . 2005-05-04 18:45 271360 c:\windows\system32\msihnd.dll
+ 2004-08-04 11:00 . 2010-04-16 15:36 449024 c:\windows\system32\mshtmled.dll
+ 2008-10-03 20:46 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-10-03 20:46 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2008-10-03 20:46 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
- 2003-02-21 00:06 . 2003-02-21 00:06 155648 c:\windows\system32\mscoree.dll
+ 2004-07-15 04:24 . 2004-07-15 04:24 155648 c:\windows\system32\mscoree.dll
+ 2004-08-04 11:00 . 2009-06-25 18:36 471552 c:\windows\system32\mqutil.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 471552 c:\windows\system32\mqutil.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-30 638976]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2008 6:08 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2008 6:08 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 7:10 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:10]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:10]

2010-10-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-10-09 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lubbockonline.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Debbie.DEBBIES\Application Data\Mozilla\Firefox\Profiles\eljfz2pb.default\
FF - prefs.js: browser.startup.homepage - www.Lubbockonline.com
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-10-09 11:57:53
ComboFix-quarantined-files.txt 2010-10-09 15:57
ComboFix2.txt 2010-10-08 23:32
ComboFix3.txt 2010-10-06 22:11

Pre-Run: 141,494,931,456 bytes free
Post-Run: 141,485,166,592 bytes free

- - End Of File - - F3F06D4FD01BD2D38A543178724D1C6D
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:49 PM, on 10/9/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lubbockonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

--
End of file - 4764 bytes


Thanks for the help. If there are any more problems I will post here.
 
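As an added triage example (not part of the thread and not code from HijackThis, ComboFix or OTCleanIt), the parser below reads the O4 (Run key) and O23 (service) lines of a HijackThis log like the one above, using a constructed sample copied from those lines, and flags Run-key entries whose image is a bare filename rather than a full path, since Windows resolves those through the search path at logon and a reviewer should confirm where they actually live.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: O4/O23 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"""

# O4: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
# O23: "O23 - Service: <name> - <vendor> - <image path>"
O23_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+)$')


@dataclass
class AutostartEntry:
    kind: str     # "O4" (Run key) or "O23" (service)
    origin: str   # registry hive for O4, vendor string for O23
    name: str     # value name or service name
    command: str  # command line or image path as logged


def parse_hjt(text: str) -> List[AutostartEntry]:
    """Extract O4 and O23 autostart entries from HijackThis log text."""
    entries: List[AutostartEntry] = []
    for line in text.splitlines():
        if m := O4_RE.match(line):
            entries.append(AutostartEntry("O4", m.group(1), m.group(2), m.group(3)))
        elif m := O23_RE.match(line):
            entries.append(AutostartEntry("O23", m.group(2), m.group(1), m.group(3)))
    return entries


def image_path(command: str) -> str:
    """Return the executable part of a Run-key command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def unqualified_images(entries: List[AutostartEntry]) -> List[str]:
    """Names of Run-key entries whose image has no directory component."""
    return [e.name for e in entries
            if e.kind == "O4" and "\\" not in image_path(e.command)]
```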
You're welcome. It appears that the redirects have stopped and these logs are clean. Let's go to the last step:
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Let me know if you need more help. If not, I'll close the thread.
 
Thanks for the help. I have three more pc's that I would like to double check if I may. I will post the preliminary scans.
 