thesaint77
Posts: 6 +0
Morning all. Here's the issue: Downloaded a torrent earlier this week that didn't seem to look right, but I didn't stop it in time. Since then, I can't download/upload any new torrents and my antivirus has stopped updating and won't update itself any more.
1. My A/V scan detected nothing. Running EsetNod32 Antivirus 4
2. Malware Scan:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 911122405
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
12/24/2011 9:42:06 PM
mbam-log-2011-12-24 (21-42-06).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 220923
Time elapsed: 3 hour(s), 2 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 33
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DW20.EXE (Trojan.IRCBot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000009b00002i\IEXPLORE.EXE (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\10000001200003i\ipconfig.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\10000001d00002i\sysocmgr.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\10000006600002i\regedit.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\1000000ff00002i\explorer.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\2e000000eb00002i\DW20.EXE (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000013600002i\wlsetup-web.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000001600002i\ymsgr_tray.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000001600002i\YMSGR_~1.EXE (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000018200002i\ACDSee32.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000001900003i\usnsvc.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000002ab00002i\fp_pl_pfs_installer-1.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000002ab00002i\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000030200002i\YPager.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000032e00002i\BitLord.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000003700002i\BI~G9WHW.EXE (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000003900002i\yupdater.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000400002i\GLJ668.tmp (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000047a00002i\bitlord_1.01.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000006300002i\YUDPTEMP.EXE (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000006300002i\yupdater.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000700002i\GLB33b.tmp (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000700002i\GLB449c.tmp (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000084100002i\yahoo70.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000d00002i\YServer.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000e000002i\firefox.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000e800002i\Opera.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000fe00002i\soft32downloader-for-bitlord.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\Desktop\experience\data execution prevention\enable dep.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WLM Lite\10000001200003i\ipconfig.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\WLM Lite\1000000b00002i\rundll32.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\WLM Lite\4000001900003i\usnsvc.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\WLM Lite\400000e800002i\Opera.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
3. GmerLog:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-25 01:00:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS421210H9AT00 rev.HABOA70S
Running: tw0h2k9e.exe; Driver: D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwxyqkog.sys
---- Kernel code sections - GMER 1.0.15 ----
? aphmte.sys The system cannot find the file specified. !
init D:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB8713EBF]
---- User code sections - GMER 1.0.15 ----
.text C:\ekrn.exe[1196] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- EOF - GMER 1.0.15 ----
4. DDS logs:
4.1: .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2011 12:37:56 PM
System Uptime: 12/24/2011 9:44:53 PM (4 hours ago)
.
Motherboard: Gateway | | MX6446
Processor: AMD Turion(tm) 64 Mobile Technology MK-36 | Socket M2/S1G1 | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 40 GiB total, 15.951 GiB free.
D: is FIXED (NTFS) - 53 GiB total, 3.129 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3057&SUBSYS_00010001&REV_1001\4&C38BD79&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3057&SUBSYS_00010001&REV_1001\4&C38BD79&0&0101
Service:
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: NWADI Bus Enumerator
Device ID: ROOT\SYSTEM\0003
Manufacturer: Novatel Wireless Inc
Name: NWADI Bus Enumerator
PNP Device ID: ROOT\SYSTEM\0003
Service: NWADI
.
==== System Restore Points ===================
.
RP121: 9/26/2011 10:21:07 PM - System Checkpoint
RP122: 9/28/2011 12:31:22 PM - Software Distribution Service 3.0
RP123: 9/29/2011 8:05:59 PM - System Checkpoint
RP124: 10/2/2011 8:45:14 AM - System Checkpoint
RP125: 10/4/2011 3:53:29 PM - System Checkpoint
RP126: 10/5/2011 4:23:40 PM - System Checkpoint
RP127: 10/6/2011 4:47:58 PM - System Checkpoint
RP128: 10/7/2011 5:26:23 PM - System Checkpoint
RP129: 10/8/2011 5:50:30 PM - System Checkpoint
RP130: 10/9/2011 8:20:27 PM - System Checkpoint
RP131: 10/11/2011 4:20:17 PM - System Checkpoint
RP132: 10/12/2011 6:29:28 PM - Software Distribution Service 3.0
RP133: 10/14/2011 10:32:15 AM - System Checkpoint
RP134: 10/17/2011 6:05:43 PM - System Checkpoint
RP135: 10/20/2011 7:45:18 PM - System Checkpoint
RP136: 10/23/2011 2:50:20 PM - System Checkpoint
RP137: 10/25/2011 4:09:32 PM - System Checkpoint
RP138: 10/27/2011 8:58:08 PM - System Checkpoint
RP139: 10/29/2011 6:38:26 PM - System Checkpoint
RP140: 10/31/2011 9:49:48 AM - System Checkpoint
RP141: 11/2/2011 12:28:49 PM - System Checkpoint
RP142: 11/3/2011 7:36:50 PM - System Checkpoint
RP143: 11/4/2011 10:31:33 PM - System Checkpoint
RP144: 11/5/2011 10:01:27 PM - System Checkpoint
RP145: 11/7/2011 12:56:49 AM - System Checkpoint
RP146: 11/8/2011 9:34:04 AM - System Checkpoint
RP147: 11/9/2011 7:17:24 PM - Software Distribution Service 3.0
RP148: 11/10/2011 5:36:31 PM - Software Distribution Service 3.0
RP149: 11/14/2011 8:44:35 PM - System Checkpoint
RP150: 11/15/2011 9:01:21 AM - Installed Windows Media Player Firefox Plugin
RP151: 11/16/2011 5:31:50 PM - System Checkpoint
RP152: 11/17/2011 9:03:41 PM - System Checkpoint
RP153: 11/18/2011 9:29:08 PM - System Checkpoint
RP154: 11/20/2011 11:28:09 AM - Installed Java(TM) 6 Update 29
RP155: 11/21/2011 6:45:21 PM - System Checkpoint
RP156: 11/26/2011 11:39:46 AM - System Checkpoint
RP157: 11/27/2011 2:44:18 PM - System Checkpoint
RP158: 11/28/2011 6:35:21 PM - System Checkpoint
RP159: 11/30/2011 1:02:04 PM - System Checkpoint
RP160: 12/7/2011 11:00:23 AM - System Checkpoint
RP161: 12/9/2011 5:27:08 PM - System Checkpoint
RP162: 12/11/2011 2:28:53 PM - System Checkpoint
RP163: 12/13/2011 11:19:56 AM - System Checkpoint
RP164: 12/13/2011 7:05:48 PM - Configured Microsoft Office Professional Plus 2010
RP165: 12/15/2011 4:36:53 PM - Software Distribution Service 3.0
RP166: 12/18/2011 3:05:21 PM - System Checkpoint
RP167: 12/21/2011 10:27:27 AM - System Checkpoint
RP168: 12/22/2011 1:54:05 PM - System Checkpoint
RP169: 12/22/2011 7:25:37 PM - DMX_DriverMax Driver Installation
RP170: 12/22/2011 7:26:15 PM - DMX_DriverMax Driver Installation
RP171: 12/23/2011 10:21:02 AM - Restore Operation
RP172: 12/24/2011 4:08:49 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
ATI - Software Uninstall Utility
ATI Display Driver
CCleaner
DriverMax 6
DVD Shrink 3.2
ESET NOD32 Antivirus
Everything 1.2.1.371
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
InstallVC90Support
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Lame ACM MP3 Codec
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSVCRT
Opera 11.51
Samsung Media Studio
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Shareaza 2.5.3.0
SigmaTel Audio
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.10
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR 4.00 beta 6 (32-bit)
XviD MPEG-4 Video Codec
.
==== End Of File ===========================
4.2: .
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Administrator at 1:08:16 on 2011-12-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1162 [GMT -7:00]
.
.
============== Running Processes ===============
.
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\IDT\WDM\sttray.exe
D:\Program Files\Everything\Everything.exe
C:\egui.exe
D:\WINDOWS\vVX1000.exe
D:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
D:\Program Files\MarkAny\ContentSafer\MAAgent.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
svchost.exe
C:\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Opera\opera.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie_rsearch.html
uDefault_Page_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DriverMax_RESTART]
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Everything] "d:\program files\everything\Everything.exe" -startup
mRun: [egui] "C:\egui.exe" /hide /waitservice
mRun: [VX1000] d:\windows\vVX1000.exe
mRun: [LifeCamSetup] "E:\setupstb.exe"
mRun: [SMSTray] d:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [MAAgent] d:\program files\markany\contentsafer\MAAgent.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297283044265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - d:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - d:\progra~1\markany\conten~1\MACSMA~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R2 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R2 ekrn;ESET Service;C:\ekrn.exe [2010-11-4 810144]
S2 .EsetTrialReset;Eset Trial Reset;d:\windows\reset.exe [2009-3-13 357182]
S3 osppsvc;Office Software Protection Platform;d:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2011-12-25 01:35:24 -------- d-----w- d:\documents and settings\administrator\application data\Malwarebytes
2011-12-25 01:34:59 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2011-12-25 01:34:52 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-12-25 01:34:50 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-12-23 17:22:19 -------- d-----w- d:\windows\system32\wbem\repository\FS
2011-12-23 17:22:19 -------- d-----w- d:\windows\system32\wbem\Repository
2011-12-23 13:52:28 0 ----a-w- d:\windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- d:\windows\system32\win32k.sys
2011-11-20 18:28:28 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-11-20 18:28:28 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-11-15 22:35:15 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 20:35:20 81920 ----a-w- d:\windows\system32\ieencode.dll
2011-11-01 20:35:20 667136 ----a-w- d:\windows\system32\wininet.dll
2011-11-01 20:35:20 61952 ----a-w- d:\windows\system32\tdc.ocx
2011-11-01 16:07:10 1288704 ----a-w- d:\windows\system32\ole32.dll
2011-11-01 15:02:49 369664 ----a-w- d:\windows\system32\html.iec
2011-10-28 05:31:48 33280 ----a-w- d:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- d:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- d:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- d:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- d:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ------w- d:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- d:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- d:\windows\system32\oleaccrc.dll
.
============= FINISH: 1:08:33.82 ===============
Hopefully I've gotten this first post right.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000001900003i\usnsvc.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000002ab00002i\fp_pl_pfs_installer-1.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000002ab00002i\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000030200002i\YPager.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000032e00002i\BitLord.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000003700002i\BI~G9WHW.EXE (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000003900002i\yupdater.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000400002i\GLJ668.tmp (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000047a00002i\bitlord_1.01.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000006300002i\YUDPTEMP.EXE (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\4000006300002i\yupdater.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000700002i\GLB33b.tmp (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000700002i\GLB449c.tmp (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\40000084100002i\yahoo70.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000d00002i\YServer.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000e000002i\firefox.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000e800002i\Opera.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Apps\microsoft office 2010 professional plus x64 and x86 14.0.4743.1000 full activated\msn messenger\WLM Lite\400000fe00002i\soft32downloader-for-bitlord.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\Desktop\experience\data execution prevention\enable dep.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WLM Lite\10000001200003i\ipconfig.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\WLM Lite\1000000b00002i\rundll32.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\WLM Lite\4000001900003i\usnsvc.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\WLM Lite\400000e800002i\Opera.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
3. GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-25 01:00:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS421210H9AT00 rev.HABOA70S
Running: tw0h2k9e.exe; Driver: D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwxyqkog.sys
---- Kernel code sections - GMER 1.0.15 ----
? aphmte.sys The system cannot find the file specified. !
init D:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB8713EBF]
---- User code sections - GMER 1.0.15 ----
.text C:\ekrn.exe[1196] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- EOF - GMER 1.0.15 ----
4. DDS logs:
4.1:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2011 12:37:56 PM
System Uptime: 12/24/2011 9:44:53 PM (4 hours ago)
.
Motherboard: Gateway | | MX6446
Processor: AMD Turion(tm) 64 Mobile Technology MK-36 | Socket M2/S1G1 | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 40 GiB total, 15.951 GiB free.
D: is FIXED (NTFS) - 53 GiB total, 3.129 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3057&SUBSYS_00010001&REV_1001\4&C38BD79&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3057&SUBSYS_00010001&REV_1001\4&C38BD79&0&0101
Service:
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: NWADI Bus Enumerator
Device ID: ROOT\SYSTEM\0003
Manufacturer: Novatel Wireless Inc
Name: NWADI Bus Enumerator
PNP Device ID: ROOT\SYSTEM\0003
Service: NWADI
.
==== System Restore Points ===================
.
RP121: 9/26/2011 10:21:07 PM - System Checkpoint
RP122: 9/28/2011 12:31:22 PM - Software Distribution Service 3.0
RP123: 9/29/2011 8:05:59 PM - System Checkpoint
RP124: 10/2/2011 8:45:14 AM - System Checkpoint
RP125: 10/4/2011 3:53:29 PM - System Checkpoint
RP126: 10/5/2011 4:23:40 PM - System Checkpoint
RP127: 10/6/2011 4:47:58 PM - System Checkpoint
RP128: 10/7/2011 5:26:23 PM - System Checkpoint
RP129: 10/8/2011 5:50:30 PM - System Checkpoint
RP130: 10/9/2011 8:20:27 PM - System Checkpoint
RP131: 10/11/2011 4:20:17 PM - System Checkpoint
RP132: 10/12/2011 6:29:28 PM - Software Distribution Service 3.0
RP133: 10/14/2011 10:32:15 AM - System Checkpoint
RP134: 10/17/2011 6:05:43 PM - System Checkpoint
RP135: 10/20/2011 7:45:18 PM - System Checkpoint
RP136: 10/23/2011 2:50:20 PM - System Checkpoint
RP137: 10/25/2011 4:09:32 PM - System Checkpoint
RP138: 10/27/2011 8:58:08 PM - System Checkpoint
RP139: 10/29/2011 6:38:26 PM - System Checkpoint
RP140: 10/31/2011 9:49:48 AM - System Checkpoint
RP141: 11/2/2011 12:28:49 PM - System Checkpoint
RP142: 11/3/2011 7:36:50 PM - System Checkpoint
RP143: 11/4/2011 10:31:33 PM - System Checkpoint
RP144: 11/5/2011 10:01:27 PM - System Checkpoint
RP145: 11/7/2011 12:56:49 AM - System Checkpoint
RP146: 11/8/2011 9:34:04 AM - System Checkpoint
RP147: 11/9/2011 7:17:24 PM - Software Distribution Service 3.0
RP148: 11/10/2011 5:36:31 PM - Software Distribution Service 3.0
RP149: 11/14/2011 8:44:35 PM - System Checkpoint
RP150: 11/15/2011 9:01:21 AM - Installed Windows Media Player Firefox Plugin
RP151: 11/16/2011 5:31:50 PM - System Checkpoint
RP152: 11/17/2011 9:03:41 PM - System Checkpoint
RP153: 11/18/2011 9:29:08 PM - System Checkpoint
RP154: 11/20/2011 11:28:09 AM - Installed Java(TM) 6 Update 29
RP155: 11/21/2011 6:45:21 PM - System Checkpoint
RP156: 11/26/2011 11:39:46 AM - System Checkpoint
RP157: 11/27/2011 2:44:18 PM - System Checkpoint
RP158: 11/28/2011 6:35:21 PM - System Checkpoint
RP159: 11/30/2011 1:02:04 PM - System Checkpoint
RP160: 12/7/2011 11:00:23 AM - System Checkpoint
RP161: 12/9/2011 5:27:08 PM - System Checkpoint
RP162: 12/11/2011 2:28:53 PM - System Checkpoint
RP163: 12/13/2011 11:19:56 AM - System Checkpoint
RP164: 12/13/2011 7:05:48 PM - Configured Microsoft Office Professional Plus 2010
RP165: 12/15/2011 4:36:53 PM - Software Distribution Service 3.0
RP166: 12/18/2011 3:05:21 PM - System Checkpoint
RP167: 12/21/2011 10:27:27 AM - System Checkpoint
RP168: 12/22/2011 1:54:05 PM - System Checkpoint
RP169: 12/22/2011 7:25:37 PM - DMX_DriverMax Driver Installation
RP170: 12/22/2011 7:26:15 PM - DMX_DriverMax Driver Installation
RP171: 12/23/2011 10:21:02 AM - Restore Operation
RP172: 12/24/2011 4:08:49 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
ATI - Software Uninstall Utility
ATI Display Driver
CCleaner
DriverMax 6
DVD Shrink 3.2
ESET NOD32 Antivirus
Everything 1.2.1.371
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
InstallVC90Support
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Lame ACM MP3 Codec
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSVCRT
Opera 11.51
Samsung Media Studio
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Shareaza 2.5.3.0
SigmaTel Audio
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.10
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR 4.00 beta 6 (32-bit)
XviD MPEG-4 Video Codec
.
==== End Of File ===========================
4.2:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Administrator at 1:08:16 on 2011-12-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1162 [GMT -7:00]
.
.
============== Running Processes ===============
.
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\IDT\WDM\sttray.exe
D:\Program Files\Everything\Everything.exe
C:\egui.exe
D:\WINDOWS\vVX1000.exe
D:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
D:\Program Files\MarkAny\ContentSafer\MAAgent.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
svchost.exe
C:\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Opera\opera.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie_rsearch.html
uDefault_Page_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DriverMax_RESTART]
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Everything] "d:\program files\everything\Everything.exe" -startup
mRun: [egui] "C:\egui.exe" /hide /waitservice
mRun: [VX1000] d:\windows\vVX1000.exe
mRun: [LifeCamSetup] "E:\setupstb.exe"
mRun: [SMSTray] d:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [MAAgent] d:\program files\markany\contentsafer\MAAgent.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297283044265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - d:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - d:\progra~1\markany\conten~1\MACSMA~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R2 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R2 ekrn;ESET Service;C:\ekrn.exe [2010-11-4 810144]
S2 .EsetTrialReset;Eset Trial Reset;d:\windows\reset.exe [2009-3-13 357182]
S3 osppsvc;Office Software Protection Platform;d:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2011-12-25 01:35:24 -------- d-----w- d:\documents and settings\administrator\application data\Malwarebytes
2011-12-25 01:34:59 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2011-12-25 01:34:52 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-12-25 01:34:50 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-12-23 17:22:19 -------- d-----w- d:\windows\system32\wbem\repository\FS
2011-12-23 17:22:19 -------- d-----w- d:\windows\system32\wbem\Repository
2011-12-23 13:52:28 0 ----a-w- d:\windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- d:\windows\system32\win32k.sys
2011-11-20 18:28:28 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-11-20 18:28:28 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-11-15 22:35:15 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 20:35:20 81920 ----a-w- d:\windows\system32\ieencode.dll
2011-11-01 20:35:20 667136 ----a-w- d:\windows\system32\wininet.dll
2011-11-01 20:35:20 61952 ----a-w- d:\windows\system32\tdc.ocx
2011-11-01 16:07:10 1288704 ----a-w- d:\windows\system32\ole32.dll
2011-11-01 15:02:49 369664 ----a-w- d:\windows\system32\html.iec
2011-10-28 05:31:48 33280 ----a-w- d:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- d:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- d:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- d:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- d:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ------w- d:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- d:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- d:\windows\system32\oleaccrc.dll
.
============= FINISH: 1:08:33.82 ===============
Hopefully I've gotten this first post right.