Jump to content


Photo

Explorer is being blocked...possible trojan??


  • This topic is locked This topic is locked
14 replies to this topic

#1 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 550 posts

Posted 04 December 2009 - 10:12 PM

Hello,

I am limping along right now, enough to get a few tools working. But something needs to be cleaned properly and I am not quite advanced enough to do it alone.

The help of an expert will be greatly appreciated. MY HJT log follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:04 PM, on 12/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\AIM7\aim.exe
C:\Documents and Settings\Lori Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\TouchKit\TouchTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lori Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TouchMon.lnk = C:\Program Files\TouchKit\TouchTray.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (file missing) (HKCU)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony...ct/VaioInfo.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115...layerWeb11g.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1230899921692
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://198.252.45.126/activex/AMC.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.125.138.2...sCamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gate...rvest/gwCID.CAB
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn...gr.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.19/ttinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...d/UnSkin/gf.cab
O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.imagestat...ab?ver=2,0,0,54
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,38
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.ho...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - AppInit_DLLs: MULUMOBU.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 14307 bytes
JoeFixes
(But only if its Broke)

#2 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 05 December 2009 - 05:21 AM

Hi,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
You can reenable TeaTimer once your system is clean.

Next:
  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version. [Also check for updates manually].
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#3 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 550 posts

Posted 05 December 2009 - 08:13 AM

Hi Jedi

Thanks for your reply. I will take care of the Spybot Teatimer issue, but more importantly is the MBAM issue.

I previously had MalwareBytes installed on this computer but it seems as though the virus has hijacked the execute file from both MalwareBytes and also from SPybot S&D (my 2 favorite anti-spyware programs) I tried downloading a fresh copy of MBAM but I am not able to do so. It does download but I am not able to install it as it give me an error message of :MOT ABLE TO EXECUTE FILE MBAM.EXE" something to that effect. Before I posted I did a little bit of research and found an old post by MIEKIEMOES helping someone with a similar problem and she had created a link for MBAM with the execute file renames "EXPLORER.EXE". I was able to download that and install that but it does not let me updated the definition files. So whatever it is thats stopping me is kind of nasty.

Have you got any thoughts about a way to get MBAM to run with a current set of Def files?

Thanks

JoeFixes
JoeFixes
(But only if its Broke)

#4 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 05 December 2009 - 08:30 AM

Hi again,

Are you able to launch MBAM? If so, are you able to perform the Quick Scan as described in my post above, without updating?

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 550 posts

Posted 05 December 2009 - 10:16 AM

Hi,

Okay...I was able to run MBAM using the download link from MieKieMoe. But I am not able to update. The scan did detect trojans and there were 2 files it was not ab le to remove until after start up. Also, I am not able to start Spybot S&D so unless you know another way to do so, I was not able to disable teatimer.

By the way...on startup I got this new error message:

ERROR LOADING C:\WINDOWS\SYSTEM32\BINOSINO.DLL
THE SPECIFIED MODULE COULD NOT BE FOUND

The log from MBAM is below and under that is a fresh hijack this log. Thank you for your continued help.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

12/05/2009 10:06:57 AM
mbam-log-2009-12-05 (10-06-57).txt

Scan type: Quick Scan
Objects scanned: 112201
Time elapsed: 16 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\binosino.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a180a409-7ca6-476c-91f8-ad74b2b0e176} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vojuvewow (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a180a409-7ca6-476c-91f8-ad74b2b0e176} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gevefebew (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\binosino.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\binosino.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\binosino.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wenijalu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yeyapoyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



-----------------------------------------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:27 AM, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\AIM7\aim.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TouchKit\TouchTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lori Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TouchMon.lnk = C:\Program Files\TouchKit\TouchTray.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (file missing) (HKCU)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony...ct/VaioInfo.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115...layerWeb11g.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1230899921692
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://198.252.45.126/activex/AMC.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.125.138.2...sCamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gate...rvest/gwCID.CAB
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn...gr.cab31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.19/ttinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...d/UnSkin/gf.cab
O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.imagestat...ab?ver=2,0,0,54
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,38
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.ho...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - AppInit_DLLs: MULUMOBU.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 14172 bytes
JoeFixes
(But only if its Broke)

#6 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 05 December 2009 - 03:07 PM

Hi again,

Re:

ERROR LOADING C:\WINDOWS\SYSTEM32\BINOSINO.DLL
THE SPECIFIED MODULE COULD NOT BE FOUND


MBAM has removed the malware .dll (c:\WINDOWS\system32\binosino.dll (Trojan.Vundo.H) -> Delete on reboot.) but there's still a registry item calling for the missing .dll. I'll deal with that in due course.

Scan with HiJackThis and put a check in the box next to the following item;

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Close all browsers and windows, click on ‘Fix checked’ and allow HJT to fix this entry.

Restart.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#7 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 550 posts

Posted 05 December 2009 - 08:08 PM

Hi Jedi,

That process went smoothly. The ComboFix log is below:

ComboFix 09-12-05.03 - Lori Kay 12/05/2009 19:35.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.458 [GMT -5:00]
Running from: c:\documents and settings\Lori Kay\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091205-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kagohaku.dll
c:\windows\system32\mulumobu.dll
c:\windows\Tasks\hzdscadb.job

.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-03 02:43 . 2009-12-03 02:47 -------- d-----w- c:\documents and settings\Lori Kay\Local Settings\Application Data\Temp
2009-11-24 00:49 . 2009-12-03 03:26 1426 ----a-w- c:\windows\system32\Wbconf.dat
2009-11-24 00:49 . 2009-12-03 03:26 153827 ----a-w- c:\windows\system32\WBLog.dat
2009-11-24 00:49 . 2009-11-24 01:00 975 ----a-w- c:\windows\system32\wbUsUBlk.Dat
2009-11-24 00:49 . 2009-11-24 00:52 1023 ----a-w- c:\windows\system32\WBUS.dat
2009-11-24 00:49 . 2006-04-03 02:44 641536 ----a-w- c:\windows\system32\WeUninstall.exe
2009-11-24 00:49 . 2006-03-29 22:18 7829808 ----a-w- c:\windows\system32\Wb025.dat
2009-11-24 00:49 . 2006-03-29 22:18 63538 ----a-w- c:\windows\system32\Wb100.dat
2009-11-24 00:49 . 2006-03-29 22:18 5065555 ----a-w- c:\windows\system32\Wb015.dat
2009-11-24 00:49 . 2006-03-29 22:18 1142642 ----a-w- c:\windows\system32\Wb035.dat
2009-11-24 00:49 . 2001-05-24 18:11 12583 ----a-w- c:\windows\system32\WbWords.dat
2009-11-24 00:49 . 2001-03-15 21:40 98 ----a-w- c:\windows\system32\wbUsBlk.Dat
2009-11-24 00:49 . 1999-05-08 04:13 52 ----a-w- c:\windows\system32\nwt.sys
2009-11-24 00:37 . 2009-11-24 00:37 152576 ----a-w- c:\documents and settings\Lori Kay\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 00:36 . 2009-11-24 00:36 79488 ----a-w- c:\documents and settings\Lori Kay\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-15 13:22 . 2009-11-15 13:22 -------- d-----w- c:\documents and settings\Lori Kay\Application Data\Malwarebytes
2009-11-15 13:21 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 13:21 . 2009-11-15 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-15 13:21 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 13:21 . 2009-12-05 14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 14:33 . 2007-04-17 15:35 -------- d-----w- c:\program files\LogMeIn
2009-12-03 02:39 . 2003-12-31 19:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-24 23:54 . 2009-03-23 10:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-03-23 10:59 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-03-23 10:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-03-23 10:59 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-03-23 10:59 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-03-23 10:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-03-23 10:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-03-23 10:59 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-03-23 10:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 00:52 . 2003-12-31 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-24 00:40 . 2006-11-12 21:02 -------- d-----w- c:\program files\Java
2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\program files\AIM Toolbar
2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-10-27 22:03 . 2009-10-27 22:01 -------- d-----w- c:\program files\AIM7
2009-10-24 15:38 . 2009-10-24 15:38 -------- d-----w- c:\documents and settings\Lori Kay\Application Data\Viewpoint
2009-10-24 15:36 . 2004-01-09 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-24 15:36 . 2009-05-04 00:50 -------- d-----w- c:\program files\Viewpoint
2009-10-24 15:35 . 2007-03-18 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo
2009-10-24 15:35 . 2006-04-08 23:24 -------- d-----w- c:\program files\Yahoo!
2009-10-24 14:45 . 2005-03-17 01:39 -------- d-----w- c:\program files\CCleaner
2009-10-14 22:03 . 2003-07-11 18:58 -------- d-----w- c:\documents and settings\Lori Kay\Application Data\MSN6
2009-10-11 09:17 . 2009-03-23 10:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 20:57 . 2007-06-03 23:58 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 20:57 . 2007-04-17 15:35 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 20:57 . 2007-04-17 15:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 20:27 . 2007-11-24 19:41 25248 ----a-w- c:\windows\system32\LMImirr.dll
2009-09-07 20:27 . 2006-10-06 23:56 11552 ----a-w- c:\windows\system32\LMImirr2.dll
2009-12-01 21:45 . 2006-10-18 10:20 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-12-09 17:15 . 2006-06-11 21:22 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-12-09 17:15 . 2006-06-11 21:22 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-12-09 17:15 . 2007-12-09 17:15 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-12-09 17:15 . 2007-12-09 17:15 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-12-09 17:15 . 2006-06-11 21:22 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-08_15.27.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-03 02:36 . 2009-12-03 02:36 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat
+ 2009-12-06 00:51 . 2009-12-06 00:51 16384 c:\windows\Temp\Perflib_Perfdata_57c.dat
+ 2009-12-06 00:52 . 2009-12-06 00:52 16384 c:\windows\Temp\Perflib_Perfdata_2a0.dat
+ 2005-05-26 08:16 . 2009-08-06 23:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-13 12:32 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll
+ 2003-09-09 11:09 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe
+ 2001-08-23 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2003-09-09 11:07 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2003-09-09 11:09 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2007-04-17 15:35 . 2009-10-01 20:57 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
- 2007-04-17 15:35 . 2009-01-03 12:55 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
+ 2007-04-17 15:35 . 2009-10-01 20:57 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2007-04-17 15:35 . 2009-10-01 20:57 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2007-04-17 15:35 . 2009-10-01 20:57 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-04-17 15:35 . 2009-10-01 20:57 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2007-04-17 15:35 . 2009-10-01 20:57 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2007-04-17 15:35 . 2009-10-01 20:57 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2009-10-03 13:36 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-03 13:36 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2003-09-09 11:09 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2003-09-09 11:09 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2009-07-07 11:37 . 2008-04-14 00:11 21504 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\hidserv.dll
+ 2009-07-07 11:36 . 2008-04-14 00:11 21504 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\hidserv.dll
- 2002-12-27 23:06 . 2009-04-16 22:26 51576 c:\windows\system32\perfc009.dat
+ 2002-12-27 23:06 . 2009-11-01 11:08 51576 c:\windows\system32\perfc009.dat
- 2006-11-08 02:03 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2001-08-23 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
- 2007-05-03 10:35 . 2009-01-02 16:20 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2007-05-03 10:35 . 2009-06-14 00:46 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2001-08-23 12:00 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-23 12:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-23 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2006-11-02 11:22 . 2006-11-02 11:22 32224 c:\windows\system32\drivers\wdfldr.sys
+ 2009-05-09 05:14 . 2009-05-09 05:14 14736 c:\windows\system32\drivers\nuidfltr.sys
+ 2001-08-23 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-07-07 11:36 . 2008-04-13 23:11 21504 c:\windows\system32\drivers\hidserv.dll
+ 2009-06-11 20:56 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-13 12:32 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2003-09-09 11:09 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2007-05-09 20:17 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-09 20:17 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2006-05-10 05:22 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2003-09-09 11:06 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
- 2002-12-28 00:18 . 2009-01-02 16:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-12-28 00:18 . 2009-12-05 01:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2002-12-28 00:18 . 2009-01-02 16:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2002-12-28 00:18 . 2009-12-05 01:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2002-12-28 00:18 . 2009-12-05 01:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2003-09-09 11:06 . 2009-08-06 23:24 96480 c:\windows\system32\cdm.dll
+ 2003-09-09 11:06 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
- 2003-09-09 11:06 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
+ 2003-09-09 11:06 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
- 2003-09-09 11:06 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-05-03 01:58 . 2009-05-03 01:58 24064 c:\windows\Installer\31bc73b.msi
+ 2005-09-06 00:28 . 2005-09-06 00:28 20480 c:\windows\Installer\2c39b35.msi
+ 2009-12-02 20:54 . 2009-12-02 20:54 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-10-14 15:34 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-10-14 15:34 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-10-14 15:34 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-07-30 11:54 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-30 11:54 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-30 11:54 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-06-12 19:18 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-06-12 19:18 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
+ 2002-12-27 23:04 . 2001-08-18 12:00 67584 c:\windows\I386\WINNT32.MSI
+ 2009-10-14 15:30 . 2009-10-14 15:30 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_fc7235e9\System.Drawing.Design.dll
+ 2009-10-14 15:30 . 2009-10-14 15:30 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c71d0d1d\CustomMarshalers.dll
+ 2009-07-07 11:37 . 2006-11-02 11:22 51680 c:\windows\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll
+ 2009-10-14 15:30 . 2008-04-14 00:11 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
+ 2009-08-12 11:13 . 2008-04-14 00:11 58880 c:\windows\$NtUninstallKB973507$\atl.dll
+ 2009-08-12 11:14 . 2008-04-14 00:11 84992 c:\windows\$NtUninstallKB971557$\avifil32.dll
+ 2009-08-30 12:56 . 2008-10-23 10:06 62976 c:\windows\$NtUninstallKB970653-v3$\tzchange.exe
+ 2009-08-30 12:56 . 2009-07-16 04:14 14336 c:\windows\$NtUninstallKB970653-v3$\spuninst\tzchange.dll
+ 2009-08-12 11:07 . 2008-04-14 00:12 49152 c:\windows\$NtUninstallKB968389$\wdigest.dll
+ 2009-08-12 11:07 . 2009-02-03 19:59 56832 c:\windows\$NtUninstallKB968389$\secur32.dll
+ 2009-08-12 11:07 . 2008-04-13 18:31 92288 c:\windows\$NtUninstallKB968389$\ksecdd.sys
+ 2009-07-16 11:57 . 2008-04-14 00:11 80896 c:\windows\$NtUninstallKB961371$\fontsub.dll
+ 2009-08-12 11:15 . 2008-04-14 00:12 78336 c:\windows\$NtUninstallKB960859$\tlntsess.exe
+ 2009-08-12 11:15 . 2008-04-14 00:12 75776 c:\windows\$NtUninstallKB960859$\telnet.exe
+ 2009-11-05 21:05 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976749-IE8\update\spcustom.dll
+ 2009-11-05 21:05 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976749-IE8\spmsg.dll
+ 2009-10-14 15:28 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
+ 2009-10-14 15:28 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2009-10-14 15:34 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB974455-IE8\update\spcustom.dll
+ 2009-10-14 15:34 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB974455-IE8\spmsg.dll
+ 2009-10-13 19:29 . 2009-08-29 08:01 12800 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\xpshims.dll
+ 2009-10-13 19:29 . 2009-08-29 08:01 55296 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\msfeedsbs.dll
+ 2009-10-13 19:29 . 2009-08-29 08:01 25600 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\jsproxy.dll
+ 2009-10-14 15:31 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2009-10-14 15:31 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2009-08-12 11:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973869\update\spcustom.dll
+ 2009-08-12 11:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973869\spmsg.dll
+ 2009-08-12 11:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2009-08-12 11:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2009-10-14 15:28 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
+ 2009-10-14 15:28 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll
+ 2009-08-12 11:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2009-08-12 11:13 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2009-08-12 11:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973354\update\spcustom.dll
+ 2009-08-12 11:13 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973354\spmsg.dll
+ 2009-07-16 12:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll
+ 2009-07-16 12:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973346\spmsg.dll
+ 2009-07-30 11:54 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB972260-IE8\update\spcustom.dll
+ 2009-07-30 11:54 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB972260-IE8\spmsg.dll
+ 2009-07-29 16:58 . 2009-07-03 17:06 12800 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\xpshims.dll
+ 2009-07-29 16:58 . 2009-07-03 17:06 55296 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\msfeedsbs.dll
+ 2009-07-29 16:58 . 2009-07-03 17:06 25600 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\jsproxy.dll
+ 2009-09-10 16:58 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll
+ 2009-09-10 16:58 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll
+ 2009-08-12 11:15 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll
+ 2009-08-12 11:15 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971657\spmsg.dll
+ 2009-07-16 12:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
+ 2009-07-16 12:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll
+ 2009-08-12 11:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971557\update\spcustom.dll
+ 2009-08-12 11:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971557\spmsg.dll
+ 2009-06-10 14:01 . 2009-06-10 14:01 84992 c:\windows\$hf_mig$\KB971557\SP3QFE\avifil32.dll
+ 2009-10-14 15:29 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll
+ 2009-10-14 15:29 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll
+ 2009-06-12 19:13 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2009-06-12 19:13 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2009-06-12 19:17 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll
+ 2009-06-12 19:17 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll
+ 2009-06-12 19:18 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969897-IE8\update\spcustom.dll
+ 2009-06-12 19:18 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969897-IE8\spmsg.dll
+ 2009-06-11 20:56 . 2009-04-30 21:22 12800 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\xpshims.dll
+ 2009-06-11 20:56 . 2009-04-30 21:22 25600 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\jsproxy.dll
+ 2009-10-14 15:31 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2009-10-14 15:31 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2009-06-12 19:13 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2009-06-12 19:13 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2009-08-12 11:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2009-08-12 11:07 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
+ 2009-06-12 19:17 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2009-06-12 19:17 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2009-07-16 11:57 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll
+ 2009-07-16 11:57 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB961371\spmsg.dll
+ 2009-06-16 14:43 . 2009-06-16 14:43 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll
+ 2009-08-12 11:15 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll
+ 2009-08-12 11:15 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB960859\spmsg.dll
+ 2009-06-12 12:03 . 2009-06-12 12:03 80896 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe
+ 2009-06-12 12:03 . 2009-06-12 12:03 76288 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe
+ 2009-09-10 16:58 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
+ 2009-09-10 16:58 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll
+ 2009-08-12 11:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956744\update\spcustom.dll
+ 2009-08-12 11:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956744\spmsg.dll
+ 2004-08-13 12:32 . 2009-08-06 23:24 209632 c:\windows\system32\wuweb.dll
+ 2004-08-13 12:32 . 2009-08-06 23:24 327896 c:\windows\system32\wucltui.dll
+ 2004-08-13 12:32 . 2009-08-06 23:23 575704 c:\windows\system32\wuapi.dll
+ 2004-01-13 19:26 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-01-13 19:26 . 2009-07-14 03:43 286208 c:\windows\system32\wmpdxm.dll
+ 2001-08-23 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
- 2001-08-23 12:00 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
+ 2004-02-06 22:05 . 2009-08-29 08:08 916480 c:\windows\system32\wininet.dll
+ 2001-08-23 12:00 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
+ 2003-09-09 11:09 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
- 2003-09-09 11:09 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
+ 2001-08-23 12:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2004-04-15 11:24 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2002-12-27 23:06 . 2009-11-01 11:08 375828 c:\windows\system32\perfh009.dat
- 2002-12-27 23:06 . 2009-04-16 22:26 375828 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2004-01-17 01:13 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2006-11-08 02:03 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
- 2006-11-08 02:03 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2001-08-23 12:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2001-08-23 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2003-09-09 11:07 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
- 2003-01-13 18:57 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2003-01-13 18:57 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2009-11-24 00:40 . 2009-10-11 09:17 149280 c:\windows\system32\javaws.exe
+ 2009-11-24 00:40 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe
+ 2009-11-24 00:40 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe
+ 2003-09-09 11:06 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2003-09-09 11:06 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2003-09-09 11:06 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
- 2003-09-09 11:06 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
- 2002-12-27 16:09 . 2009-03-11 22:51 274168 c:\windows\system32\FNTCACHE.DAT
+ 2002-12-27 16:09 . 2009-11-11 13:29 274168 c:\windows\system32\FNTCACHE.DAT
+ 2006-11-02 11:22 . 2006-11-02 11:22 492000 c:\windows\system32\drivers\wdf01000.sys
+ 2004-08-13 12:32 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-13 12:32 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-13 12:32 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-01-13 19:26 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-01-13 19:26 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-05-10 05:23 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-09-09 19:55 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2006-10-17 17:04 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-05-09 20:17 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 20:17 . 2009-03-08 08:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-15 20:21 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
- 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-06-11 20:56 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-05-10 05:22 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-07 08:27 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:26 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 08:26 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-01-02 14:24 . 2007-04-02 18:34 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2009-01-02 14:24 . 2007-04-02 18:34 863232 c:\windows\ServicePackFiles\i386\digopt.msi
- 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2002-12-28 00:20 . 2002-12-28 00:20 264704 c:\windows\Installer\c89d.msi
+ 2004-12-27 21:34 . 2004-12-27 21:34 801792 c:\windows\Installer\b12de7.msi
+ 2007-10-12 01:01 . 2007-10-12 01:01 282624 c:\windows\Installer\93a53.msi
+ 2009-03-23 10:44 . 2009-03-23 10:44 562176 c:\windows\Installer\74f77.msi
+ 2009-01-07 17:41 . 2009-01-07 17:41 474624 c:\windows\Installer\60193.msi
+ 2004-12-25 13:06 . 2004-12-25 13:06 854528 c:\windows\Installer\4cd8b0.msi
+ 2009-05-04 00:07 . 2009-05-04 00:07 122880 c:\windows\Installer\498086.msi
+ 2006-11-16 03:00 . 2006-11-16 03:00 428544 c:\windows\Installer\364a57c.msi
+ 2007-08-16 01:44 . 2007-08-16 01:44 431104 c:\windows\Installer\35179e3.msi
+ 2007-01-24 01:56 . 2007-01-24 01:56 425984 c:\windows\Installer\32b555d.msi
+ 2007-08-15 23:25 . 2007-08-15 23:25 912384 c:\windows\Installer\2cf32b5.msi
+ 2007-08-10 00:12 . 2007-08-10 00:12 291328 c:\windows\Installer\281debc.msi
+ 2007-08-10 00:11 . 2007-08-10 00:11 121344 c:\windows\Installer\281deb4.msi
+ 2007-08-10 00:11 . 2007-08-10 00:11 477696 c:\windows\Installer\281deaf.msi
+ 2007-08-10 00:11 . 2007-08-10 00:11 121344 c:\windows\Installer\281dea7.msi
+ 2007-08-10 00:10 . 2007-08-10 00:10 121344 c:\windows\Installer\281de9f.msi
+ 2007-08-10 00:10 . 2007-08-10 00:10 609280 c:\windows\Installer\27f11c5.msi
+ 2007-08-10 00:09 . 2007-08-10 00:09 304128 c:\windows\Installer\27f10d8.msi
+ 2007-08-10 00:09 . 2007-08-10 00:09 304128 c:\windows\Installer\27f10d2.msi
+ 2007-08-10 00:09 . 2007-08-10 00:09 310272 c:\windows\Installer\27f10cc.msi
+ 2007-08-10 00:09 . 2007-08-10 00:09 390144 c:\windows\Installer\27f10c6.msi
+ 2007-08-10 00:09 . 2007-08-10 00:09 314368 c:\windows\Installer\27f10be.msi
+ 2007-08-10 00:08 . 2007-08-10 00:08 304128 c:\windows\Installer\27f10b9.msi
+ 2007-08-10 00:08 . 2007-08-10 00:08 314368 c:\windows\Installer\27f10b3.msi
+ 2007-08-10 00:08 . 2007-08-10 00:08 303104 c:\windows\Installer\27f10ae.msi
+ 2007-08-10 00:07 . 2007-08-10 00:07 479232 c:\windows\Installer\27f107c.msi
+ 2007-08-10 00:07 . 2007-08-10 00:07 121344 c:\windows\Installer\27f1074.msi
+ 2007-08-10 00:07 . 2007-08-10 00:07 344064 c:\windows\Installer\279a1ed.msi
+ 2007-08-10 00:06 . 2007-08-10 00:06 338944 c:\windows\Installer\279a1e8.msi
+ 2007-08-10 00:06 . 2007-08-10 00:06 557056 c:\windows\Installer\279a1e3.msi
+ 2007-08-10 00:06 . 2007-08-10 00:06 325632 c:\windows\Installer\279a1da.msi
+ 2007-08-10 00:06 . 2007-08-10 00:06 316416 c:\windows\Installer\279a1d5.msi
+ 2007-08-10 00:06 . 2007-08-10 00:06 467456 c:\windows\Installer\279a1d0.msi
+ 2007-08-10 00:06 . 2007-08-10 00:06 488448 c:\windows\Installer\279a1ca.msi
+ 2007-08-10 00:06 . 2007-08-10 00:06 537088 c:\windows\Installer\279a1c4.msi
+ 2007-08-10 00:05 . 2007-08-10 00:05 121344 c:\windows\Installer\279a198.msi
+ 2007-08-10 00:05 . 2007-08-10 00:05 489472 c:\windows\Installer\279a193.msi
+ 2007-08-10 00:05 . 2007-08-10 00:05 667136 c:\windows\Installer\279a18d.msi
+ 2007-08-10 00:05 . 2007-08-10 00:05 492032 c:\windows\Installer\279a186.msi
+ 2007-08-10 00:05 . 2007-08-10 00:05 121344 c:\windows\Installer\279a181.msi
+ 2007-08-10 00:05 . 2007-08-10 00:05 437248 c:\windows\Installer\279a17c.msi
+ 2007-08-10 00:04 . 2007-08-10 00:04 202240 c:\windows\Installer\279a174.msi
+ 2007-08-10 00:04 . 2007-08-10 00:04 795136 c:\windows\Installer\279a16f.msi
+ 2007-08-10 00:04 . 2007-08-10 00:04 547840 c:\windows\Installer\279a16a.msi
+ 2007-08-10 00:04 . 2007-08-10 00:04 637952 c:\windows\Installer\279a160.msi
+ 2007-08-10 00:04 . 2007-08-10 00:04 334848 c:\windows\Installer\279a15a.msi
+ 2009-12-02 20:54 . 2009-12-02 20:54 429568 c:\windows\Installer\21e86.msi
+ 2009-01-02 16:50 . 2009-01-02 16:50 432640 c:\windows\Installer\1f8e50.msi
+ 2003-07-10 12:24 . 2003-07-10 12:24 299520 c:\windows\Installer\1927bd.msi
+ 2007-03-18 23:16 . 2007-03-18 23:16 213504 c:\windows\Installer\18ccc1.msi
+ 2007-08-10 00:19 . 2007-08-10 00:19 244224 c:\windows\Installer\177d5.msi
+ 2007-08-10 00:19 . 2007-08-10 00:19 323072 c:\windows\Installer\177d0.msi
+ 2007-03-15 15:03 . 2007-03-15 15:03 189440 c:\windows\Installer\118535a.msi
+ 2009-11-05 21:05 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-05 21:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2009-10-14 15:34 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-10-14 15:34 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-10-14 15:34 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-10-14 15:34 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-10-14 15:34 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-10-14 15:34 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-10-14 15:34 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-10-14 15:34 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-10-14 15:34 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-07-30 11:54 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-30 11:54 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-30 11:54 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-30 11:54 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-30 11:54 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-30 11:54 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-30 11:54 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-30 11:54 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-30 11:54 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-09-10 16:58 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-10 16:58 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-10 16:58 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-06-12 19:18 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-06-12 19:18 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-06-12 19:18 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-06-12 19:18 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-06-12 19:18 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-06-12 19:18 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2006-02-14 02:50 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}\ISScript11.Msi
+ 2009-10-14 15:30 . 2009-10-14 15:30 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_16dddf83\System.Drawing.dll
+ 2009-07-07 11:37 . 2006-10-09 01:51 379184 c:\windows\$NtUninstallWdf01005$\spuninst\updspapi.dll
+ 2009-07-07 11:37 . 2006-10-09 01:51 221488 c:\windows\$NtUninstallWdf01005$\spuninst\spuninst.exe
+ 2009-10-14 15:28 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975467$\spuninst\updspapi.dll
+ 2009-10-14 15:28 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe
+ 2009-10-14 15:28 . 2009-06-25 08:25 136192 c:\windows\$NtUninstallKB975467$\msv1_0.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975025$\spuninst\updspapi.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe
+ 2009-10-14 15:30 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974571$\spuninst\updspapi.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe
+ 2009-10-14 15:31 . 2008-10-03 10:02 247326 c:\windows\$NtUninstallKB974112$\strmdll.dll
+ 2009-10-14 15:31 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974112$\spuninst\updspapi.dll
+ 2009-10-14 15:31 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe
+ 2009-08-12 11:14 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973869$\spuninst\updspapi.dll
+ 2009-08-12 11:14 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973869$\spuninst\spuninst.exe
+ 2009-08-12 11:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973815$\spuninst\updspapi.dll
+ 2009-08-12 11:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973815$\spuninst\spuninst.exe
+ 2009-08-12 11:08 . 2008-04-14 00:12 203776 c:\windows\$NtUninstallKB973815$\mswebdvd.dll
+ 2009-08-12 11:13 . 2006-10-19 02:47 314880 c:\windows\$NtUninstallKB973540_WM9$\wmpdxm.dll
+ 2009-08-12 11:13 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB973540_WM9$\spuninst\updspapi.dll
+ 2009-08-12 11:13 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe
+ 2009-10-14 15:28 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973525$\spuninst\updspapi.dll
+ 2009-10-14 15:28 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe
+ 2009-08-12 11:13 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973507$\spuninst\updspapi.dll
+ 2009-08-12 11:13 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973507$\spuninst\spuninst.exe
+ 2009-08-12 11:13 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973354$\spuninst\updspapi.dll
+ 2009-08-12 11:13 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973354$\spuninst\spuninst.exe
+ 2009-07-16 12:03 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973346$\spuninst\updspapi.dll
+ 2009-07-16 12:03 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe
+ 2009-08-12 11:15 . 2008-04-14 00:12 132096 c:\windows\$NtUninstallKB971657$\wkssvc.dll
+ 2009-08-12 11:15 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971657$\spuninst\updspapi.dll
+ 2009-08-12 11:15 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe
+ 2009-07-16 12:03 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB971633$\spuninst\updspapi.dll
+ 2009-07-16 12:03 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe
+ 2009-08-12 11:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971557$\spuninst\updspapi.dll
+ 2009-08-12 11:14 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971557$\spuninst\spuninst.exe
+ 2009-10-14 15:29 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971486$\spuninst\updspapi.dll
+ 2009-10-14 15:29 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe
+ 2009-08-30 12:56 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-08-30 12:56 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-06-12 19:13 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll
+ 2009-06-12 19:13 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe
+ 2009-06-12 19:13 . 2008-04-14 00:12 584704 c:\windows\$NtUninstallKB970238$\rpcrt4.dll
+ 2009-06-12 19:17 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll
+ 2009-06-12 19:17 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe
+ 2009-10-14 15:31 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969059$\spuninst\updspapi.dll
+ 2009-10-14 15:31 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe
+ 2009-09-10 16:59 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-09-10 16:59 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-06-12 19:13 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll
+ 2009-06-12 19:13 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe
+ 2009-08-12 11:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB968389$\spuninst\updspapi.dll
+ 2009-08-12 11:07 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe
+ 2009-08-12 11:07 . 2008-12-05 06:54 144896 c:\windows\$NtUninstallKB968389$\schannel.dll
+ 2009-08-12 11:07 . 2008-04-14 00:12 132608 c:\windows\$NtUninstallKB968389$\msv1_0.dll
+ 2009-08-12 11:07 . 2009-02-09 12:10 729088 c:\windows\$NtUninstallKB968389$\lsasrv.dll
+ 2009-08-12 11:07 . 2008-04-14 00:11 299520 c:\windows\$NtUninstallKB968389$\kerberos.dll
+ 2009-06-12 19:17 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
+ 2009-06-12 19:17 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2009-06-12 19:17 . 2008-04-14 00:11 343040 c:\windows\$NtUninstallKB961501$\localspl.dll
+ 2009-07-16 11:57 . 2008-04-14 00:12 117760 c:\windows\$NtUninstallKB961371$\t2embed.dll
+ 2009-07-16 11:57 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB961371$\spuninst\updspapi.dll
+ 2009-07-16 11:57 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe
+ 2009-08-12 11:15 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB960859$\spuninst\updspapi.dll
+ 2009-08-12 11:15 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB960859$\spuninst\spuninst.exe
+ 2009-10-14 15:34 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB958869$\spuninst\updspapi.dll
+ 2009-10-14 15:34 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe
+ 2009-09-10 16:58 . 2008-04-14 00:12 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-09-10 16:58 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-09-10 16:58 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2009-08-12 11:14 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956744$\spuninst\updspapi.dll
+ 2009-08-12 11:14 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956744$\spuninst\spuninst.exe
+ 2009-10-14 15:31 . 2006-10-19 02:47 603648 c:\windows\$NtUninstallKB954155_WM9$\wmspdmod.dll
+ 2009-10-14 15:31 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll
+ 2009-10-14 15:31 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe
+ 2009-11-05 21:05 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB976749-IE8\update\updspapi.dll
+ 2009-11-05 21:05 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB976749-IE8\update\update.exe
+ 2009-11-05 21:05 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB976749-IE8\spuninst.exe
+ 2009-10-14 15:28 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975467\update\updspapi.dll
+ 2009-10-14 15:28 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975467\update\update.exe
+ 2009-10-14 15:28 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975467\spuninst.exe
+ 2009-09-11 14:13 . 2009-09-11 14:13 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2009-10-14 15:30 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2009-10-14 15:30 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2009-10-14 15:30 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2009-10-14 15:30 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2009-10-14 15:34 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974455-IE8\update\updspapi.dll
+ 2009-10-14 15:34 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB974455-IE8\update\update.exe
+ 2009-10-14 15:34 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB974455-IE8\spuninst.exe
+ 2009-10-13 19:29 . 2009-08-29 08:01 916480 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
+ 2009-10-13 19:29 . 2009-08-29 08:01 206848 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\occache.dll
+ 2009-10-13 19:29 . 2009-08-29 08:01 594432 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\msfeeds.dll
+ 2009-10-13 19:29 . 2009-08-29 08:01 246272 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\ieproxy.dll
+ 2009-10-13 19:29 . 2009-08-29 08:01 184320 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\iepeers.dll
+ 2009-10-13 19:29 . 2009-08-29 08:01 387584 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\iedkcs32.dll
+ 2009-10-13 19:29 . 2009-08-28 10:07 173056 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\ie4uinit.exe
+ 2009-10-14 15:31 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2009-10-14 15:31
JoeFixes
(But only if its Broke)

#8 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 07 December 2009 - 01:07 PM

Hi again.

Please run ESET, online scanner.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please also let me know how the PC is running now. Describe any remaining problems.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#9 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 550 posts

Posted 07 December 2009 - 05:01 PM

Hi Jedi,

I ran the Eset Scan and the log is below:

C:\Documents and Settings\Lori Kay\Shared\Top of Charts - 2003.wma WMA/TrojanDownloader.Wimad.D trojan cleaned by deleting - quarantined
C:\Hijack This\backups\backup-20090504-180207-322.dll probably a variant of Win32/TrojanDownloader.Small trojan cleaned by deleting - quarantined
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\Program Files\Support.com\backup\ne\newdotnet5_48.dll\221184_54a64af32_ probably a variant of Win32/Adware.OneStep application deleted - quarantined
C:\Qoobox\Quarantine\C\mwag.exe.vir probably unknown NewHeur_PE virus deleted - quarantined
C:\Qoobox\Quarantine\C\vbpyh.exe.vir a variant of Win32/Kryptik.PT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\PCenter\pc.exe.vir Win32/Adware.PrivacyComponents application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1124\A0156314.dll probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1124\A0156383.exe Win32/Delf.OHO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1124\A0156392.dll probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1124\A0156403.exe Win32/Adware.WildTangent application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162556.dll a variant of Win32/Kryptik.BIF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162568.dll a variant of Win32/Kryptik.BIF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162804.dll a variant of Win32/Kryptik.BIF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162859.dll a variant of Win32/Kryptik.BIG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162865.dll a variant of Win32/Kryptik.BIF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1147\A0163040.dll probably a variant of Win32/TrojanDownloader.Small trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1147\A0163041.EXE Win32/Adware.WBug.A application deleted - quarantined


All 3 of the browsers installed on the machine are working now, so I am happy to see that. Overall the machine seems to be better, but i'd prefer you check the logs for me and let me know if there is still anything that needs to be cleaned out.

Thanks for your continued help.


JoeFixes
JoeFixes
(But only if its Broke)

#10 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 08 December 2009 - 03:18 AM

Hi again,

The ESET scanner mainly picked up leftovers, but just to be certain I would like to run a rootkit scan, as some variants of this trojan have a rootkit component. I'm fairly sure you are clean, this is just a precaution.

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to Desktop.

Please close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.

Click on Scan (1).

When the scan has run click Copy (2) and paste the results (if any) into this thread.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#11 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 550 posts

Posted 08 December 2009 - 04:26 PM

Hi Jedi,

Thanks for the continued help. Here is the log from GMER:

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-08 16:19:41
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\LORIKA~1\LOCALS~1\Temp\fwldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF41796B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF4179574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF4179A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF417914C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF417964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF417908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF41790F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF417976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF417972E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF41798AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[644] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[644] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [005DD6FD] C:\Program Files\AIM7\aim.exe (AOL Instant Messenger/AOL LLC)
IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [005DD68F] C:\Program Files\AIM7\aim.exe (AOL Instant Messenger/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


Please let me know what you think now.

Thank you

JoeFixes
JoeFixes
(But only if its Broke)

#12 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 10 December 2009 - 05:10 AM

Hi again,

It's all looking good. How's the PC running now? Any continuing problems?

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#13 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 550 posts

Posted 10 December 2009 - 08:58 AM

Hi Jedi,

No, it seems to be running well. Thanks for sticking with me on this, I really appreciate your help.

JoeFixes
JoeFixes
(But only if its Broke)

#14 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 10 December 2009 - 04:35 PM

You're welcome. :)

You might find this article useful.
How did I get Infected?

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#15 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 15 December 2009 - 09:01 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button