JoeFixes

Explorer is being blocked...possible trojan??

15 posts in this topic

Hello,

I am limping along right now, enough to get a few tools working. But something needs to be cleaned properly and I am not quite advanced enough to do it alone.

The help of an expert will be greatly appreciated. My HJT log follows:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:09:04 PM, on 12/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\AIM7\aim.exe

C:\Documents and Settings\Lori Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\TouchKit\TouchTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\HPZinw12.exe

C:\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\sisUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM7\aim.exe" /d locale=en-US

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lori Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: TouchMon.lnk = C:\Program Files\TouchKit\TouchTray.exe

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (file missing) (HKCU)

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115:9091/img/NetCamPlayerWeb11g.ocx

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230899921692

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://198.252.45.126/activex/AMC.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.125.138.27/activex/AxisCamControl.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab

O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab

O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.imagestation.com/common/classes/BPPrintClient.cab?ver=2,0,0,54

O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - AppInit_DLLs: MULUMOBU.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--

End of file - 14307 bytes

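A small triage script for HijackThis log lines like the ones in the post above, added here as an illustration; it is not HijackThis's, Malwarebytes' or the forum's own code. It flags three things a helper checks first in a log like this one: a browser proxy pointing at the local machine, every DLL registered under AppInit_DLLs, and entries whose target file is missing. The sample lines are constructed from the posted log, and the severity labels are the script's own heuristic, not a verdict on any specific file.

```python
"""Triage helper for HijackThis v2 log lines (added example, not HijackThis's own code)."""
import re
from typing import Dict, List

# Constructed sample: a few lines copied from the log posted above. A real run
# would read the whole HijackThis log file instead.
SAMPLE_HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (file missing) (HKCU)
O20 - AppInit_DLLs: MULUMOBU.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
"""

# Every reportable HijackThis line starts with a section code such as R1, O4 or O20.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# Proxy values that send browser traffic back into the local machine.
LOOPBACK_RE = re.compile(r"127\.\d+\.\d+\.\d+|localhost", re.IGNORECASE)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into its R/O entries; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body"), "raw": raw.strip()})
    return entries


def triage(text: str) -> List[Dict[str, str]]:
    """Return findings as dicts with 'severity', 'reason' and the offending 'line'."""
    findings = []
    for entry in parse_hjt(text):
        sec, body, raw = entry["section"], entry["body"], entry["raw"]

        # R0/R1: a ProxyServer on 127.0.0.1 means some local process sits
        # between the browser and the network (the posted log has exactly this).
        if sec in ("R0", "R1") and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            if LOOPBACK_RE.search(value):
                findings.append({"severity": "high", "line": raw,
                                 "reason": f"browser proxy points at the local machine ({value})"})

        # O20: each DLL listed in AppInit_DLLs is loaded into every process that
        # links user32.dll. A bare filename is resolved from the system directory,
        # so a dropped DLL can sit there next to a legitimate vendor entry.
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in re.split(r"[\s,]+", body.split(":", 1)[1].strip()):
                if not dll:
                    continue
                bare = "\\" not in dll
                findings.append({"severity": "high" if bare else "review", "line": raw,
                                 "reason": f"AppInit_DLLs loads {dll}" + (" (no path given)" if bare else "")})

        # Any section: a registration whose target no longer exists does nothing,
        # but it is leftover clutter that should go with the rest of the cleanup.
        if "(file missing)" in body:
            findings.append({"severity": "low", "line": raw, "reason": "target file is missing"})
    return findings


if __name__ == "__main__":
    order = {"high": 0, "review": 1, "low": 2}
    for f in sorted(triage(SAMPLE_HJT_LOG), key=lambda f: order[f["severity"]]):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```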

Hi,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

5) Restart your computer.

You can re-enable TeaTimer once your system is clean.

Next:

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version. [Also check for updates manually.]
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

jedi


Hi Jedi

Thanks for your reply. I will take care of the Spybot TeaTimer issue, but more important is the MBAM issue.

I previously had MalwareBytes installed on this computer, but it seems as though the virus has hijacked the executable file from both MalwareBytes and also from Spybot S&D (my 2 favorite anti-spyware programs). I tried downloading a fresh copy of MBAM but I am not able to do so. It does download, but I am not able to install it as it gives me an error message of "NOT ABLE TO EXECUTE FILE MBAM.EXE", something to that effect. Before I posted I did a little bit of research and found an old post by MIEKIEMOES helping someone with a similar problem, and she had created a link for MBAM with the executable file renamed "EXPLORER.EXE". I was able to download that and install that, but it does not let me update the definition files. So whatever it is that's stopping me is kind of nasty.

Have you got any thoughts about a way to get MBAM to run with a current set of Def files?

Thanks

JoeFixes


Hi again,

Are you able to launch MBAM? If so, are you able to perform the Quick Scan as described in my post above, without updating?

jedi


Hi,

Okay...I was able to run MBAM using the download link from Miekiemoes. But I am not able to update. The scan did detect trojans and there were 2 files it was not able to remove until after startup. Also, I am not able to start Spybot S&D, so unless you know another way to do so, I was not able to disable TeaTimer.

By the way...on startup I got this new error message:

ERROR LOADING C:\WINDOWS\SYSTEM32\BINOSINO.DLL

THE SPECIFIED MODULE COULD NOT BE FOUND

The log from MBAM is below and under that is a fresh HijackThis log. Thank you for your continued help.

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

12/05/2009 10:06:57 AM

mbam-log-2009-12-05 (10-06-57).txt

Scan type: Quick Scan

Objects scanned: 112201

Time elapsed: 16 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\binosino.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{a180a409-7ca6-476c-91f8-ad74b2b0e176} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vojuvewow (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a180a409-7ca6-476c-91f8-ad74b2b0e176} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gevefebew (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\binosino.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\binosino.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\binosino.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\wenijalu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yeyapoyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:14:27 AM, on 12/05/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\AIM7\aim.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\TouchKit\TouchTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\system32\HPZinw12.exe

C:\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\sisUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM7\aim.exe" /d locale=en-US

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lori Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: TouchMon.lnk = C:\Program Files\TouchKit\TouchTray.exe

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (file missing) (HKCU)

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115:9091/img/NetCamPlayerWeb11g.ocx

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230899921692

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://198.252.45.126/activex/AMC.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.125.138.27/activex/AxisCamControl.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab

O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab

O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.imagestation.com/common/classes/BPPrintClient.cab?ver=2,0,0,54

O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - AppInit_DLLs: MULUMOBU.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 14172 bytes

Hi again,

 

Re:

ERROR LOADING C:\WINDOWS\SYSTEM32\BINOSINO.DLL

THE SPECIFIED MODULE COULD NOT BE FOUND

 

MBAM has removed the malware .dll (c:\WINDOWS\system32\binosino.dll (Trojan.Vundo.H) -> Delete on reboot.) but there's still a registry item calling for the missing .dll. I'll deal with that in due course.

 

Scan with HiJackThis and put a check in the box next to the following item;

 

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

Close all browsers and windows, click on ‘Fix checked’ and allow HJT to fix this entry.

 

Restart.

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

Link 3

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
     
     
  • Double click on ComboFix.exe & follow the prompts.
     
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

RC1.png

 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

 

cfRC_screen_2.png

 

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

 

jedi

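The symptom jedi describes above (a Run or AppInit_DLLs entry still naming a DLL that MBAM has already deleted, which is what produces the "specified module could not be found" error) can be checked mechanically. The script below is an added example, not code from this thread, HijackThis or ComboFix: it parses O4, O20 and O23 lines in the log format shown above against a constructed snapshot of which files are present, and assumes that bare module names resolve in C:\WINDOWS\system32; the [binosino] Run entry in the sample is made up to stand in for the orphaned registry item.

```python
"""Flag HijackThis entries whose target module is no longer on disk.

Added example (not from the thread, HijackThis or ComboFix). After a cleaner
deletes a malicious DLL, the Run / AppInit_DLLs entry that loaded it often
survives, which is what produces the "ERROR LOADING ... THE SPECIFIED MODULE
COULD NOT BE FOUND" message. This parses the O4, O20 and O23 line formats
and reports entries that point at files which no longer exist.
"""
import ntpath
import re
from typing import Callable, List, Tuple

# Assumption for this example: bare module names in Run / AppInit_DLLs
# entries resolve in the system directory (first hit on the loader path).
SYSTEM32 = r"C:\WINDOWS\system32"

# A drive-letter path (non-greedy, so paths containing spaces stop at the
# first module extension) or a bare file name with a module extension.
MODULE_RE = re.compile(
    r"(?i)([A-Z]:\\.*?\.(?:exe|dll|sys|ocx)\b|[\w~]+\.(?:exe|dll|sys|ocx)\b)"
)

# Constructed sample in HijackThis log format. The TeaTimer, O20 and O23
# lines are copied from the thread's log; the [binosino] Run entry is made
# up to stand in for the orphaned registry item jedi mentions.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [binosino] rundll32.exe C:\WINDOWS\system32\binosino.dll,a
O20 - AppInit_DLLs: MULUMOBU.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Constructed view of the disk after MBAM deleted binosino.dll and ComboFix
# deleted mulumobu.dll; everything else referenced above is still present.
PRESENT_FILES = {
    p.lower()
    for p in (
        r"C:\WINDOWS\system32\rundll32.exe",
        r"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe",
        r"C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL",
        r"C:\Program Files\Alwil Software\Avast4\ashServ.exe",
        r"C:\WINDOWS\SYSTEM32\slserv.exe",
    )
}


def constructed_exists(path: str) -> bool:
    """Case-insensitive lookup against the constructed disk snapshot."""
    return path.lower() in PRESENT_FILES


def _resolve(name: str) -> str:
    """Turn a bare module name into the path the loader would try first."""
    return name if ntpath.isabs(name) else ntpath.join(SYSTEM32, name)


def referenced_modules(line: str) -> List[str]:
    """Return the absolute module paths an O4 / O20 / O23 entry loads."""
    kind, _, rest = line.partition(" - ")
    if kind == "O4":
        # O4 - <hive>\..\Run: [<value name>] <command line>
        command = rest.split("] ", 1)[1] if "] " in rest else rest
        names = MODULE_RE.findall(command)
    elif kind == "O20" and rest.startswith("AppInit_DLLs:"):
        # Space- or comma-separated list; 8.3 names are used precisely so
        # that entries never contain spaces, so splitting on them is safe.
        names = [t for t in re.split(r"[ ,]+", rest.split(":", 1)[1]) if t]
    elif kind == "O23":
        # O23 - Service: <display name> - <company> - <image path>
        names = MODULE_RE.findall(rest.rsplit(" - ", 1)[-1])
    else:
        return []
    return [_resolve(n) for n in names]


def find_dangling(log_text: str, exists: Callable[[str], bool]) -> List[Tuple[str, str]]:
    """Return (log line, missing module) pairs for entries whose file is gone."""
    dangling = []
    for line in log_text.splitlines():
        for module in referenced_modules(line):
            if not exists(module):
                dangling.append((line, module))
    return dangling


if __name__ == "__main__":
    # On a Windows host, pass os.path.exists instead of constructed_exists
    # to check the real disk.
    for entry, module in find_dangling(SAMPLE_LOG, constructed_exists):
        print(f"missing {module}\n    referenced by: {entry}")
```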

Hi Jedi,

 

That process went smoothly. The ComboFix log is below:

 

ComboFix 09-12-05.03 - Lori Kay 12/05/2009 19:35.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.458 [GMT -5:00]

Running from: c:\documents and settings\Lori Kay\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 091205-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\kagohaku.dll

c:\windows\system32\mulumobu.dll

c:\windows\Tasks\hzdscadb.job

 

.

((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))

.

 

2009-12-03 02:43 . 2009-12-03 02:47 -------- d-----w- c:\documents and settings\Lori Kay\Local Settings\Application Data\Temp

2009-11-24 00:49 . 2009-12-03 03:26 1426 ----a-w- c:\windows\system32\Wbconf.dat

2009-11-24 00:49 . 2009-12-03 03:26 153827 ----a-w- c:\windows\system32\WBLog.dat

2009-11-24 00:49 . 2009-11-24 01:00 975 ----a-w- c:\windows\system32\wbUsUBlk.Dat

2009-11-24 00:49 . 2009-11-24 00:52 1023 ----a-w- c:\windows\system32\WBUS.dat

2009-11-24 00:49 . 2006-04-03 02:44 641536 ----a-w- c:\windows\system32\WeUninstall.exe

2009-11-24 00:49 . 2006-03-29 22:18 7829808 ----a-w- c:\windows\system32\Wb025.dat

2009-11-24 00:49 . 2006-03-29 22:18 63538 ----a-w- c:\windows\system32\Wb100.dat

2009-11-24 00:49 . 2006-03-29 22:18 5065555 ----a-w- c:\windows\system32\Wb015.dat

2009-11-24 00:49 . 2006-03-29 22:18 1142642 ----a-w- c:\windows\system32\Wb035.dat

2009-11-24 00:49 . 2001-05-24 18:11 12583 ----a-w- c:\windows\system32\WbWords.dat

2009-11-24 00:49 . 2001-03-15 21:40 98 ----a-w- c:\windows\system32\wbUsBlk.Dat

2009-11-24 00:49 . 1999-05-08 04:13 52 ----a-w- c:\windows\system32\nwt.sys

2009-11-24 00:37 . 2009-11-24 00:37 152576 ----a-w- c:\documents and settings\Lori Kay\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-24 00:36 . 2009-11-24 00:36 79488 ----a-w- c:\documents and settings\Lori Kay\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-15 13:22 . 2009-11-15 13:22 -------- d-----w- c:\documents and settings\Lori Kay\Application Data\Malwarebytes

2009-11-15 13:21 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-15 13:21 . 2009-11-15 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-15 13:21 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-15 13:21 . 2009-12-05 14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-05 14:33 . 2007-04-17 15:35 -------- d-----w- c:\program files\LogMeIn

2009-12-03 02:39 . 2003-12-31 19:00 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-24 23:54 . 2009-03-23 10:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-24 23:51 . 2009-03-23 10:59 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-24 23:50 . 2009-03-23 10:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-24 23:50 . 2009-03-23 10:59 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-24 23:50 . 2009-03-23 10:59 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-24 23:49 . 2009-03-23 10:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-24 23:48 . 2009-03-23 10:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-24 23:47 . 2009-03-23 10:59 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-24 23:47 . 2009-03-23 10:59 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-24 00:52 . 2003-12-31 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-24 00:40 . 2006-11-12 21:02 -------- d-----w- c:\program files\Java

2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\program files\AIM Toolbar

2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar

2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\program files\Common Files\Software Update Utility

2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM

2009-10-27 22:03 . 2009-10-27 22:01 -------- d-----w- c:\program files\AIM7

2009-10-24 15:38 . 2009-10-24 15:38 -------- d-----w- c:\documents and settings\Lori Kay\Application Data\Viewpoint

2009-10-24 15:36 . 2004-01-09 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-10-24 15:36 . 2009-05-04 00:50 -------- d-----w- c:\program files\Viewpoint

2009-10-24 15:35 . 2007-03-18 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo

2009-10-24 15:35 . 2006-04-08 23:24 -------- d-----w- c:\program files\Yahoo!

2009-10-24 14:45 . 2005-03-17 01:39 -------- d-----w- c:\program files\CCleaner

2009-10-14 22:03 . 2003-07-11 18:58 -------- d-----w- c:\documents and settings\Lori Kay\Application Data\MSN6

2009-10-11 09:17 . 2009-03-23 10:45 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-01 20:57 . 2007-06-03 23:58 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2009-10-01 20:57 . 2007-04-17 15:35 28984 ----a-w- c:\windows\system32\LMIport.dll

2009-10-01 20:57 . 2007-04-17 15:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-07 20:27 . 2007-11-24 19:41 25248 ----a-w- c:\windows\system32\LMImirr.dll

2009-09-07 20:27 . 2006-10-06 23:56 11552 ----a-w- c:\windows\system32\LMImirr2.dll

2009-12-01 21:45 . 2006-10-18 10:20 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2007-12-09 17:15 . 2006-06-11 21:22 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-12-09 17:15 . 2006-06-11 21:22 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-12-09 17:15 . 2007-12-09 17:15 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-12-09 17:15 . 2007-12-09 17:15 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-12-09 17:15 . 2006-06-11 21:22 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-08_15.27.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-03 02:36 . 2009-12-03 02:36 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat

+ 2009-12-06 00:51 . 2009-12-06 00:51 16384 c:\windows\Temp\Perflib_Perfdata_57c.dat

+ 2009-12-06 00:52 . 2009-12-06 00:52 16384 c:\windows\Temp\Perflib_Perfdata_2a0.dat

+ 2005-05-26 08:16 . 2009-08-06 23:24 44768 c:\windows\system32\wups2.dll

+ 2004-08-13 12:32 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll

+ 2003-09-09 11:09 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe

+ 2001-08-23 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll

+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe

+ 2003-09-09 11:07 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe

+ 2003-09-09 11:09 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe

+ 2007-04-17 15:35 . 2009-10-01 20:57 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

- 2007-04-17 15:35 . 2009-01-03 12:55 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

+ 2007-04-17 15:35 . 2009-10-01 20:57 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll

+ 2007-04-17 15:35 . 2009-10-01 20:57 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll

+ 2007-04-17 15:35 . 2009-10-01 20:57 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll

+ 2007-04-17 15:35 . 2009-10-01 20:57 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll

+ 2007-04-17 15:35 . 2009-10-01 20:57 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll

+ 2007-04-17 15:35 . 2009-10-01 20:57 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll

+ 2009-10-03 13:36 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll

+ 2009-10-03 13:36 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll

- 2003-09-09 11:09 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll

+ 2003-09-09 11:09 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll

+ 2009-07-07 11:37 . 2008-04-14 00:11 21504 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\hidserv.dll

+ 2009-07-07 11:36 . 2008-04-14 00:11 21504 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\hidserv.dll

- 2002-12-27 23:06 . 2009-04-16 22:26 51576 c:\windows\system32\perfc009.dat

+ 2002-12-27 23:06 . 2009-11-01 11:08 51576 c:\windows\system32\perfc009.dat

- 2006-11-08 02:03 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll

+ 2006-11-08 02:03 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll

+ 2001-08-23 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll

- 2007-05-03 10:35 . 2009-01-02 16:20 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2007-05-03 10:35 . 2009-06-14 00:46 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

- 2001-08-23 12:00 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll

+ 2001-08-23 12:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll

+ 2001-08-23 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll

+ 2006-11-02 11:22 . 2006-11-02 11:22 32224 c:\windows\system32\drivers\wdfldr.sys

+ 2009-05-09 05:14 . 2009-05-09 05:14 14736 c:\windows\system32\drivers\nuidfltr.sys

+ 2001-08-23 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys

+ 2009-07-07 11:36 . 2008-04-13 23:11 21504 c:\windows\system32\drivers\hidserv.dll

+ 2009-06-11 20:56 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2004-08-13 12:32 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll

+ 2003-09-09 11:09 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe

+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll

+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe

+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe

- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll

+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll

+ 2007-05-09 20:17 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2007-05-09 20:17 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll

+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys

+ 2006-05-10 05:22 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2006-05-10 05:22 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll

+ 2003-09-09 11:06 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll

+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll

+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll

- 2002-12-28 00:18 . 2009-01-02 16:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2002-12-28 00:18 . 2009-12-05 01:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2002-12-28 00:18 . 2009-01-02 16:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2002-12-28 00:18 . 2009-12-05 01:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2002-12-28 00:18 . 2009-12-05 01:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2003-09-09 11:06 . 2009-08-06 23:24 96480 c:\windows\system32\cdm.dll

+ 2003-09-09 11:06 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll

- 2003-09-09 11:06 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll

+ 2003-09-09 11:06 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll

- 2003-09-09 11:06 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll

+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe

- 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2009-05-03 01:58 . 2009-05-03 01:58 24064 c:\windows\Installer\31bc73b.msi

+ 2005-09-06 00:28 . 2005-09-06 00:28 20480 c:\windows\Installer\2c39b35.msi

+ 2009-12-02 20:54 . 2009-12-02 20:54 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe

+ 2009-10-14 15:34 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll

+ 2009-10-14 15:34 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll

+ 2009-10-14 15:34 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll

+ 2009-07-30 11:54 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll

+ 2009-07-30 11:54 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll

+ 2009-07-30 11:54 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll

+ 2009-06-12 19:18 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll

+ 2009-06-12 19:18 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll

+ 2002-12-27 23:04 . 2001-08-18 12:00 67584 c:\windows\I386\WINNT32.MSI

+ 2009-10-14 15:30 . 2009-10-14 15:30 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_fc7235e9\System.Drawing.Design.dll

+ 2009-10-14 15:30 . 2009-10-14 15:30 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c71d0d1d\CustomMarshalers.dll

+ 2009-07-07 11:37 . 2006-11-02 11:22 51680 c:\windows\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll

+ 2009-10-14 15:30 . 2008-04-14 00:11 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll

+ 2009-08-12 11:13 . 2008-04-14 00:11 58880 c:\windows\$NtUninstallKB973507$\atl.dll

+ 2009-08-12 11:14 . 2008-04-14 00:11 84992 c:\windows\$NtUninstallKB971557$\avifil32.dll

+ 2009-08-30 12:56 . 2008-10-23 10:06 62976 c:\windows\$NtUninstallKB970653-v3$\tzchange.exe

+ 2009-08-30 12:56 . 2009-07-16 04:14 14336 c:\windows\$NtUninstallKB970653-v3$\spuninst\tzchange.dll

+ 2009-08-12 11:07 . 2008-04-14 00:12 49152 c:\windows\$NtUninstallKB968389$\wdigest.dll

+ 2009-08-12 11:07 . 2009-02-03 19:59 56832 c:\windows\$NtUninstallKB968389$\secur32.dll

+ 2009-08-12 11:07 . 2008-04-13 18:31 92288 c:\windows\$NtUninstallKB968389$\ksecdd.sys

+ 2009-07-16 11:57 . 2008-04-14 00:11 80896 c:\windows\$NtUninstallKB961371$\fontsub.dll

+ 2009-08-12 11:15 . 2008-04-14 00:12 78336 c:\windows\$NtUninstallKB960859$\tlntsess.exe

+ 2009-08-12 11:15 . 2008-04-14 00:12 75776 c:\windows\$NtUninstallKB960859$\telnet.exe

+ 2009-11-05 21:05 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976749-IE8\update\spcustom.dll

+ 2009-11-05 21:05 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976749-IE8\spmsg.dll

+ 2009-10-14 15:28 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll

+ 2009-10-14 15:28 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll

+ 2009-10-14 15:30 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll

+ 2009-10-14 15:30 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll

+ 2009-10-14 15:30 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll

+ 2009-10-14 15:30 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll

+ 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll

+ 2009-10-14 15:34 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB974455-IE8\update\spcustom.dll

+ 2009-10-14 15:34 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB974455-IE8\spmsg.dll

+ 2009-10-13 19:29 . 2009-08-29 08:01 12800 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\xpshims.dll

+ 2009-10-13 19:29 . 2009-08-29 08:01 55296 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\msfeedsbs.dll

+ 2009-10-13 19:29 . 2009-08-29 08:01 25600 c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\jsproxy.dll

+ 2009-10-14 15:31 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll

+ 2009-10-14 15:31 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll

+ 2009-08-12 11:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973869\update\spcustom.dll

+ 2009-08-12 11:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973869\spmsg.dll

+ 2009-08-12 11:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll

+ 2009-08-12 11:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll

+ 2009-10-14 15:28 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll

+ 2009-10-14 15:28 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll

+ 2009-08-12 11:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll

+ 2009-08-12 11:13 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973507\spmsg.dll

+ 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll

+ 2009-08-12 11:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973354\update\spcustom.dll

+ 2009-08-12 11:13 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973354\spmsg.dll

+ 2009-07-16 12:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll

+ 2009-07-16 12:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973346\spmsg.dll

+ 2009-07-30 11:54 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB972260-IE8\update\spcustom.dll

+ 2009-07-30 11:54 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB972260-IE8\spmsg.dll

+ 2009-07-29 16:58 . 2009-07-03 17:06 12800 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\xpshims.dll

+ 2009-07-29 16:58 . 2009-07-03 17:06 55296 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\msfeedsbs.dll

+ 2009-07-29 16:58 . 2009-07-03 17:06 25600 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\jsproxy.dll

+ 2009-09-10 16:58 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll

+ 2009-09-10 16:58 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll

+ 2009-08-12 11:15 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll

+ 2009-08-12 11:15 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971657\spmsg.dll

+ 2009-07-16 12:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll

+ 2009-07-16 12:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll

+ 2009-08-12 11:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971557\update\spcustom.dll

+ 2009-08-12 11:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971557\spmsg.dll

+ 2009-06-10 14:01 . 2009-06-10 14:01 84992 c:\windows\$hf_mig$\KB971557\SP3QFE\avifil32.dll

+ 2009-10-14 15:29 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll

+ 2009-10-14 15:29 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll

+ 2009-06-12 19:13 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll

+ 2009-06-12 19:13 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll

+ 2009-06-12 19:17 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll

+ 2009-06-12 19:17 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll

+ 2009-06-12 19:18 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969897-IE8\update\spcustom.dll

+ 2009-06-12 19:18 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969897-IE8\spmsg.dll

+ 2009-06-11 20:56 . 2009-04-30 21:22 12800 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\xpshims.dll

+ 2009-06-11 20:56 . 2009-04-30 21:22 25600 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\jsproxy.dll

+ 2009-10-14 15:31 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll

+ 2009-10-14 15:31 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll

+ 2009-06-12 19:13 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll

+ 2009-06-12 19:13 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll

+ 2009-08-12 11:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll

+ 2009-08-12 11:07 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB968389\spmsg.dll

+ 2009-06-25 08:41 . 2009-06-25 08:41 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll

+ 2009-06-25 08:41 . 2009-06-25 08:41 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll

+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys

+ 2009-06-12 19:17 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll

+ 2009-06-12 19:17 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll

+ 2009-07-16 11:57 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll

+ 2009-07-16 11:57 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB961371\spmsg.dll

+ 2009-06-16 14:43 . 2009-06-16 14:43 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll

+ 2009-08-12 11:15 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll

+ 2009-08-12 11:15 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB960859\spmsg.dll

+ 2009-06-12 12:03 . 2009-06-12 12:03 80896 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe

+ 2009-06-12 12:03 . 2009-06-12 12:03 76288 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe

+ 2009-09-10 16:58 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll

+ 2009-09-10 16:58 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll

+ 2009-08-12 11:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956744\update\spcustom.dll

+ 2009-08-12 11:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956744\spmsg.dll

+ 2004-08-13 12:32 . 2009-08-06 23:24 209632 c:\windows\system32\wuweb.dll

+ 2004-08-13 12:32 . 2009-08-06 23:24 327896 c:\windows\system32\wucltui.dll

+ 2004-08-13 12:32 . 2009-08-06 23:23 575704 c:\windows\system32\wuapi.dll

+ 2004-01-13 19:26 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll

+ 2004-01-13 19:26 . 2009-07-14 03:43 286208 c:\windows\system32\wmpdxm.dll

+ 2001-08-23 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll

- 2001-08-23 12:00 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll

+ 2004-02-06 22:05 . 2009-08-29 08:08 916480 c:\windows\system32\wininet.dll

+ 2001-08-23 12:00 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll

+ 2003-09-09 11:09 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll

- 2003-09-09 11:09 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll

+ 2001-08-23 12:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll

+ 2004-04-15 11:24 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll

+ 2002-12-27 23:06 . 2009-11-01 11:08 375828 c:\windows\system32\perfh009.dat

- 2002-12-27 23:06 . 2009-04-16 22:26 375828 c:\windows\system32\perfh009.dat

+ 2001-08-23 12:00 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll

+ 2004-01-17 01:13 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll

+ 2006-11-08 02:03 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll

- 2006-11-08 02:03 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll

+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe

+ 2001-08-23 12:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll

+ 2001-08-23 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll

+ 2003-09-09 11:07 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll

- 2003-01-13 18:57 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll

+ 2003-01-13 18:57 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll

+ 2009-11-24 00:40 . 2009-10-11 09:17 149280 c:\windows\system32\javaws.exe


Hi again.

Please run the ESET online scanner.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
     ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
     1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
     2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the esetBack.png button.
  13. Push esetFinish.png

Please also let me know how the PC is running now. Describe any remaining problems.

 

jedi


Hi Jedi,

 

I ran the ESET scan and the log is below:

 

C:\Documents and Settings\Lori Kay\Shared\Top of Charts - 2003.wma WMA/TrojanDownloader.Wimad.D trojan cleaned by deleting - quarantined

C:\Hijack This\backups\backup-20090504-180207-322.dll probably a variant of Win32/TrojanDownloader.Small trojan cleaned by deleting - quarantined

C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined

C:\Program Files\Support.com\backup\ne\newdotnet5_48.dll\221184_54a64af32_ probably a variant of Win32/Adware.OneStep application deleted - quarantined

C:\Qoobox\Quarantine\C\mwag.exe.vir probably unknown NewHeur_PE virus deleted - quarantined

C:\Qoobox\Quarantine\C\vbpyh.exe.vir a variant of Win32/Kryptik.PT trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\PCenter\pc.exe.vir Win32/Adware.PrivacyComponents application cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1124\A0156314.dll probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1124\A0156383.exe Win32/Delf.OHO trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1124\A0156392.dll probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1124\A0156403.exe Win32/Adware.WildTangent application cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162556.dll a variant of Win32/Kryptik.BIF trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162568.dll a variant of Win32/Kryptik.BIF trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162804.dll a variant of Win32/Kryptik.BIF trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162859.dll a variant of Win32/Kryptik.BIG trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1145\A0162865.dll a variant of Win32/Kryptik.BIF trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1147\A0163040.dll probably a variant of Win32/TrojanDownloader.Small trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{2809C5D7-57F6-457F-B944-FD0D269F504C}\RP1147\A0163041.EXE Win32/Adware.WBug.A application deleted - quarantined

 

 

All 3 of the browsers installed on the machine are working now, so I am happy to see that. Overall the machine seems to be better, but I'd prefer you check the logs for me and let me know if there is still anything that needs to be cleaned out.

 

Thanks for your continued help.

 

 

JoeFixes


Hi again,

 

The ESET scanner mainly picked up leftovers, but just to be certain I would like to run a rootkit scan, as some variants of this trojan have a rootkit component. I'm fairly sure you are clean; this is just a precaution.

 

Download GMER from here:

http://www.gmer.net/gmer.zip

 

Unzip it to Desktop.

 

Please close any open programs/windows!

 

Open the program and click on the Rootkit/Malware tab.

 

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.

 

Click on Scan (1).

 

When the scan has run click Copy (2) and paste the results (if any) into this thread.

 

jedi


Hi Jedi,

 

Thanks for the continued help. Here is the log from GMER:

 

GMER 1.0.15.15273 - http://www.gmer.net

Rootkit scan 2009-12-08 16:19:41

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\LORIKA~1\LOCALS~1\Temp\fwldqpog.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF41796B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF4179574]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF4179A52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF417914C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF417964E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF417908C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF41790F0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF417976E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF417972E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF41798AE]

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\WINDOWS\system32\services.exe[644] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002

IAT C:\WINDOWS\system32\services.exe[644] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [005DD6FD] C:\Program Files\AIM7\aim.exe (AOL Instant Messenger/AOL LLC)

IAT C:\Program Files\AIM7\aim.exe[2392] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [005DD68F] C:\Program Files\AIM7\aim.exe (AOL Instant Messenger/AOL LLC)

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

---- EOF - GMER 1.0.15 ----

 

 

Please let me know what you think now.

 

Thank you

 

JoeFixes


Hi again,

 

It's all looking good. How's the PC running now? Any continuing problems?

 

jedi


Hi Jedi,

 

No, it seems to be running well. Thanks for sticking with me on this, I really appreciate your help.

 

JoeFixes


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
