Thanks. Here is the log from ComboFix:
ComboFix 09-05-09.05 - Nicholas Laidlaw 05/11/2009 15:44.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.651 [GMT -4:00]
Running from: c:\documents and settings\Nicholas Laidlaw\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nicholas Laidlaw\Desktop\CFScript.txt
FILE ::
c:\my music\More Music\foxboro hotboros.mp3
c:\my music\More Music\greece national anthem.mp3
c:\my music\More Music\june spirit new jersey.wm
c:\my music\More Music\red hot chili peppers bicycle.mp3
c:\my music\More Music\the summer set.mp3
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HSMPKAL6\ddsuper2[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HSMPKAL6\hnwtu[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HSMPKAL6\iolvvift[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MV7E8NU7\bqwkgherb[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MV7E8NU7\ddsuper0[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MV7E8NU7\ddsuper3[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NVCRJ9Z5\djspmz[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PBHB3FZR\ahurebocmi[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PBHB3FZR\ddsuper1[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PBHB3FZR\pifccpdnab[1].htm
c:\windows\Windows Update Setup Files\include.EXE
f:\c drive\My Music\More Music\foxboro hotboros.mp3
f:\c drive\My Music\More Music\greece national anthem.mp3
f:\c drive\My Music\More Music\june spirit new jersey.wm
f:\c drive\My Music\More Music\red hot chili peppers bicycle.mp3
f:\c drive\My Music\More Music\the summer set.mp3
f:\music\foxboro hotboros.mp3
f:\music\greece national anthem.mp3
f:\music\june spirit new jersey.wm
f:\music\red hot chili peppers bicycle.mp3
f:\music\the summer set.mp3
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\foxboro hotboros.mp3
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\greece national anthem.mp3
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\june spirit new jersey.wm
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\red hot chili peppers bicycle.mp3
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\the summer set.mp3
F:\pdtivk.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\my music\More Music\foxboro hotboros.mp3
c:\my music\More Music\greece national anthem.mp3
c:\my music\More Music\june spirit new jersey.wm
c:\my music\More Music\red hot chili peppers bicycle.mp3
c:\my music\More Music\the summer set.mp3
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HSMPKAL6\ddsuper2[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HSMPKAL6\hnwtu[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HSMPKAL6\iolvvift[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MV7E8NU7\bqwkgherb[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MV7E8NU7\ddsuper0[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MV7E8NU7\ddsuper3[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NVCRJ9Z5\djspmz[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PBHB3FZR\ahurebocmi[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PBHB3FZR\ddsuper1[1].htm
c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PBHB3FZR\pifccpdnab[1].htm
c:\windows\Windows Update Setup Files\include.EXE
f:\c drive\My Music\More Music\foxboro hotboros.mp3
f:\c drive\My Music\More Music\greece national anthem.mp3
f:\c drive\My Music\More Music\june spirit new jersey.wm
f:\c drive\My Music\More Music\red hot chili peppers bicycle.mp3
f:\c drive\My Music\More Music\the summer set.mp3
f:\music\foxboro hotboros.mp3
f:\music\greece national anthem.mp3
f:\music\june spirit new jersey.wm
f:\music\red hot chili peppers bicycle.mp3
f:\music\the summer set.mp3
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\foxboro hotboros.mp3
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\greece national anthem.mp3
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\june spirit new jersey.wm
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\red hot chili peppers bicycle.mp3
f:\nicholas laidlaw_backup_hd3\Memeo\Nicholas Laidlaw_Backup_HD3\C_\My Music\More Music\the summer set.mp3
F:\pdtivk.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ieruso
-------\Legacy_xjsjcevf
-------\Service_IerusO
-------\Service_xjsjcevf
((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.
2009-05-10 16:19 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-10 16:19 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-10 16:19 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-10 16:19 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-10 15:08 . 2009-05-10 15:09 -------- d---a-w C:\Music
2009-05-10 15:08 . 2009-05-10 15:08 -------- d---a-w C:\autorun
2009-05-10 15:08 . 2009-05-10 15:08 -------- d---a-w C:\Documentation
2009-05-10 15:08 . 2009-05-10 15:08 -------- d---a-w C:\wd_mac_tools
2009-05-10 15:04 . 2009-05-10 15:05 -------- d---a-w C:\wd_windows_tools
2009-05-10 15:04 . 2009-05-10 15:04 -------- d--h--w C:\_Memeo
2009-04-30 20:03 . 2009-04-30 20:03 -------- d-----w c:\documents and settings\Nicholas Laidlaw\Application Data\poydodkg
2009-04-30 20:03 . 2009-04-30 20:03 -------- d-----w c:\documents and settings\Nicholas Laidlaw\Local Settings\Application Data\poydodkg
2009-04-29 21:17 . 2009-04-30 21:32 -------- d-----w c:\windows\system32\796525
2009-04-20 03:01 . 2009-04-20 03:01 -------- d-----w c:\documents and settings\Nicholas Laidlaw\Local Settings\Application Data\{8F505A93-C9D2-41D8-913E-25ACE2208559}
2009-04-15 02:27 . 2009-04-15 02:27 -------- d-sh--w C:\found.001
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 16:05 . 2004-08-04 11:00 577536 ----a-w c:\windows\system32\user32.dll
2009-05-06 03:26 . 2005-08-01 16:08 2522 ----a-w c:\documents and settings\Nicholas Laidlaw\Application Data\wklnhst.dat
2009-04-30 19:50 . 2009-01-10 06:25 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-30 19:50 . 2004-08-04 11:00 14336 ----a-w c:\windows\system32\SVCHOST.EXE
2009-04-24 01:15 . 2009-04-10 20:31 -------- d-----w c:\program files\Google
2009-04-20 03:22 . 2009-01-10 06:29 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 20:32 . 2009-04-10 20:32 -------- d-----w c:\program files\Picasa2
2009-04-10 20:31 . 2009-04-10 20:31 -------- d-----w c:\program files\Western Digital
2009-04-10 20:31 . 2009-04-10 20:30 -------- d-----w c:\program files\Common Files\eSellerate
2009-04-10 20:31 . 2009-04-10 20:30 -------- d-----w c:\program files\Memeo
2009-04-10 20:29 . 2009-04-10 20:29 -------- d-----w c:\program files\Western Digital Corporation
2009-04-08 20:33 . 2009-04-08 20:33 -------- d-----w c:\program files\iTunes
2009-04-08 20:33 . 2005-07-18 23:06 -------- d-----w c:\program files\iPod
2009-04-07 23:21 . 2005-11-27 21:58 1100 ----a-w c:\documents and settings\Nicholas Laidlaw\Local Settings\Application Data\d3d8caps.dat
2009-04-07 23:21 . 2005-08-07 11:35 1324 ----a-w c:\documents and settings\Nicholas Laidlaw\Local Settings\Application Data\d3d9caps.dat
2009-04-06 19:32 . 2009-03-07 04:25 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-03-07 04:25 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 18:34 . 2008-12-07 19:11 -------- d-----w c:\program files\Common Files\Apple
2009-04-03 18:18 . 2009-03-20 20:12 -------- d-----w c:\program files\QuickTime
2009-04-03 16:11 . 2009-04-03 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-03 16:10 . 2007-11-15 20:37 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-01 19:50 . 2009-04-01 19:49 128 ----a-w c:\documents and settings\Guest Account\Application Data\wklnhst.dat
2009-03-19 20:32 . 2008-12-07 21:24 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 20:54 . 2009-03-11 20:51 143856 ----a-w c:\documents and settings\Guest Account\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:44 . 2004-08-04 11:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-04-03 18:35 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 03:59 . 2009-04-03 18:35 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-03 00:18 . 2004-08-04 11:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 11:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 03:16 . 2005-07-16 06:46 143856 ----a-w c:\documents and settings\Nicholas Laidlaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-26 20:01 . 2005-11-26 20:01 32 --sha-w c:\windows\{7A9B4061-1BD3-4EB1-AB70-DF0377A29313}.dat
2005-11-26 20:01 . 2005-11-26 20:01 32 --sha-w c:\windows\SYSTEM32\{CDF7DBB0-9EE7-417A-9AF9-DAC0464C51D8}.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-10_16.08.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-06-16 10:03 . 2008-07-09 07:38 26488 c:\windows\SYSTEM32\spupdsvc.exe
- 2004-11-20 05:01 . 2007-11-30 11:18 17272 c:\windows\SYSTEM32\spmsg.dll
+ 2004-11-20 05:01 . 2007-11-30 12:39 17272 c:\windows\SYSTEM32\spmsg.dll
+ 2004-08-04 11:00 . 2009-02-03 20:08 55808 c:\windows\SYSTEM32\secur32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 55808 c:\windows\SYSTEM32\SECUR32.DLL
+ 2004-08-04 11:00 . 2009-02-06 16:54 35328 c:\windows\SYSTEM32\sc.exe
- 2004-08-04 11:00 . 2008-12-20 23:15 44544 c:\windows\SYSTEM32\pngfilt.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\pngfilt.dll
+ 2004-11-20 04:53 . 2009-05-11 19:42 65044 c:\windows\SYSTEM32\PERFC009.DAT
- 2004-11-20 04:53 . 2009-05-10 14:56 65044 c:\windows\SYSTEM32\PERFC009.DAT
+ 2004-08-04 11:00 . 2008-06-12 14:16 91648 c:\windows\SYSTEM32\mtxoci.dll
- 2004-08-04 11:00 . 2006-03-01 19:42 66560 c:\windows\SYSTEM32\mtxclu.dll
+ 2004-08-04 11:00 . 2008-06-12 14:16 66560 c:\windows\SYSTEM32\mtxclu.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 52224 c:\windows\SYSTEM32\msfeedsbs.dll
- 2007-08-13 23:54 . 2008-12-20 23:15 52224 c:\windows\SYSTEM32\msfeedsbs.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 58880 c:\windows\SYSTEM32\MSDTCLOG.DLL
+ 2004-08-04 11:00 . 2008-06-12 14:16 58880 c:\windows\SYSTEM32\msdtclog.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 27648 c:\windows\SYSTEM32\jsproxy.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 27648 c:\windows\SYSTEM32\jsproxy.dll
+ 2007-08-13 23:39 . 2009-02-20 10:20 13824 c:\windows\SYSTEM32\ieudinit.exe
- 2007-08-13 23:39 . 2008-12-19 09:10 13824 c:\windows\SYSTEM32\ieudinit.exe
+ 2004-08-04 11:00 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\iernonce.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 44544 c:\windows\SYSTEM32\iernonce.dll
- 2004-08-04 11:00 . 2008-12-19 09:10 70656 c:\windows\SYSTEM32\ie4uinit.exe
+ 2004-08-04 11:00 . 2009-02-20 10:20 70656 c:\windows\SYSTEM32\ie4uinit.exe
+ 2007-08-13 23:36 . 2009-02-20 18:09 63488 c:\windows\SYSTEM32\icardie.dll
- 2007-08-13 23:36 . 2008-12-20 23:15 63488 c:\windows\SYSTEM32\icardie.dll
+ 2004-08-04 11:00 . 2009-02-03 20:08 55808 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 55808 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\SYSTEM32\DLLCACHE\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\SYSTEM32\DLLCACHE\mtxclu.dll
+ 2007-11-29 03:07 . 2009-02-20 18:09 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2007-11-29 03:07 . 2008-12-20 23:15 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\SYSTEM32\DLLCACHE\msdtclog.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2007-11-29 03:07 . 2009-02-20 10:20 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2007-11-29 03:07 . 2008-12-19 09:10 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2007-08-13 23:39 . 2008-12-20 23:15 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-13 23:39 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2007-08-13 23:45 . 2007-08-13 23:45 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
+ 2007-08-13 23:45 . 2009-02-20 18:09 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
- 2007-08-13 23:39 . 2008-12-19 09:10 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2007-08-13 23:39 . 2009-02-20 10:20 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2007-11-29 03:07 . 2009-02-20 18:09 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2007-11-29 03:07 . 2008-12-20 23:15 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2004-11-20 05:07 . 2009-05-11 04:37 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2004-11-20 05:07 . 2009-02-04 01:47 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2004-11-20 05:07 . 2009-05-11 04:37 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2004-11-20 05:07 . 2009-02-04 01:47 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2004-11-20 05:07 . 2009-05-11 04:37 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2004-11-20 05:07 . 2009-02-04 01:47 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2004-11-20 05:07 . 2009-05-11 04:37 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2004-11-20 05:07 . 2009-02-04 01:47 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-05-11 04:41 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-05-11 04:41 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-05-11 04:41 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-05-11 04:41 . 2007-08-13 23:45 78336 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-05-11 04:41 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-05-11 04:41 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2004-11-20 05:07 . 2009-05-11 04:37 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2004-11-20 05:07 . 2009-02-04 01:47 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2004-11-20 05:07 . 2009-02-04 01:47 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2004-11-20 05:07 . 2009-05-11 04:37 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2004-11-20 05:07 . 2009-05-11 04:37 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2004-11-20 05:07 . 2009-02-04 01:47 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-04 11:00 . 2008-12-16 12:47 351232 c:\windows\SYSTEM32\winhttp.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 351232 c:\windows\SYSTEM32\WINHTTP.DLL
+ 2004-08-04 11:00 . 2009-02-20 18:09 233472 c:\windows\SYSTEM32\webcheck.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 233472 c:\windows\SYSTEM32\webcheck.dll
+ 2004-08-04 11:00 . 2009-02-06 16:39 227840 c:\windows\SYSTEM32\WBEM\wmiprvse.exe
+ 2004-08-04 11:00 . 2009-02-09 10:20 453120 c:\windows\SYSTEM32\WBEM\wmiprvsd.dll
+ 2004-08-04 11:00 . 2009-02-09 10:20 473088 c:\windows\SYSTEM32\WBEM\fastprox.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 105984 c:\windows\SYSTEM32\url.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 105984 c:\windows\SYSTEM32\url.dll
+ 2004-08-04 11:00 . 2009-02-06 17:14 110592 c:\windows\SYSTEM32\services.exe
+ 2004-08-04 11:00 . 2009-02-09 10:20 399360 c:\windows\SYSTEM32\rpcss.dll
- 2004-11-20 04:53 . 2009-05-10 14:56 410574 c:\windows\SYSTEM32\PERFH009.DAT
+ 2004-11-20 04:53 . 2009-05-11 19:42 410574 c:\windows\SYSTEM32\PERFH009.DAT
+ 2004-08-04 11:00 . 2009-02-20 18:09 102912 c:\windows\SYSTEM32\occache.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 102912 c:\windows\SYSTEM32\occache.dll
+ 2004-08-04 11:00 . 2009-02-09 10:20 714752 c:\windows\SYSTEM32\ntdll.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 671232 c:\windows\SYSTEM32\mstime.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 671232 c:\windows\SYSTEM32\mstime.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 193024 c:\windows\SYSTEM32\msrating.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 193024 c:\windows\SYSTEM32\msrating.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 477696 c:\windows\SYSTEM32\mshtmled.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 477696 c:\windows\SYSTEM32\mshtmled.dll
- 2007-08-13 23:54 . 2008-12-20 23:15 459264 c:\windows\SYSTEM32\msfeeds.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 459264 c:\windows\SYSTEM32\msfeeds.dll
+ 2004-08-04 11:00 . 2008-06-12 14:16 161792 c:\windows\SYSTEM32\msdtcuiu.dll
+ 2004-08-04 11:00 . 2008-06-12 14:16 956928 c:\windows\SYSTEM32\msdtctm.dll
+ 2004-08-04 11:00 . 2008-06-12 14:16 428032 c:\windows\SYSTEM32\msdtcprx.dll
+ 2004-08-04 11:00 . 2009-02-09 10:20 723456 c:\windows\SYSTEM32\lsasrv.dll
+ 2004-08-04 11:00 . 2009-03-21 14:18 986112 c:\windows\SYSTEM32\kernel32.dll
+ 2007-08-13 23:34 . 2009-02-20 18:09 268288 c:\windows\SYSTEM32\iertutil.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 385024 c:\windows\SYSTEM32\iedkcs32.dll
- 2007-07-11 17:27 . 2008-12-20 23:15 383488 c:\windows\SYSTEM32\ieapfltr.dll
+ 2007-07-11 17:27 . 2009-02-20 18:09 383488 c:\windows\SYSTEM32\ieapfltr.dll
- 2004-08-04 11:00 . 2008-12-19 05:23 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2004-08-04 11:00 . 2009-02-20 05:14 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 230400 c:\windows\SYSTEM32\ieaksie.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 153088 c:\windows\SYSTEM32\ieakeng.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 153088 c:\windows\SYSTEM32\ieakeng.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 347136 c:\windows\SYSTEM32\dxtmsft.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 347136 c:\windows\SYSTEM32\dxtmsft.dll
+ 2004-08-04 11:00 . 2009-02-06 16:39 227840 c:\windows\SYSTEM32\DLLCACHE\wmiprvse.exe
+ 2004-08-04 11:00 . 2009-02-09 10:20 453120 c:\windows\SYSTEM32\DLLCACHE\wmiprvsd.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 826368 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2004-08-04 11:00 . 2009-03-03 00:18 826368 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 351232 c:\windows\SYSTEM32\DLLCACHE\winhttp.dll
+ 2004-08-04 11:00 . 2008-12-16 12:47 351232 c:\windows\SYSTEM32\DLLCACHE\winhttp.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2004-08-04 11:00 . 2009-02-06 17:14 110592 c:\windows\SYSTEM32\DLLCACHE\services.exe
+ 2004-08-04 11:00 . 2009-02-09 10:20 399360 c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
- 2007-08-13 23:44 . 2008-12-20 23:15 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2007-08-13 23:44 . 2009-02-20 18:09 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2004-08-04 11:00 . 2009-02-09 10:20 714752 c:\windows\SYSTEM32\DLLCACHE\ntdll.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-11-29 03:07 . 2008-12-20 23:15 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2007-11-29 03:07 . 2009-02-20 18:09 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\SYSTEM32\DLLCACHE\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\SYSTEM32\DLLCACHE\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\SYSTEM32\DLLCACHE\msdtcprx.dll
+ 2004-08-04 11:00 . 2009-02-09 10:20 723456 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2004-08-04 11:00 . 2009-03-21 14:18 986112 c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
+ 2004-08-04 11:00 . 2009-02-28 04:54 636072 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-11-29 03:07 . 2009-02-20 18:09 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2007-08-13 23:39 . 2009-02-20 18:09 385024 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-11-29 03:07 . 2009-02-20 18:09 383488 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2007-11-29 03:07 . 2008-12-20 23:15 383488 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2007-08-13 22:56 . 2009-02-20 05:14 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
- 2007-08-13 22:56 . 2008-12-19 05:23 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2007-08-13 23:39 . 2009-02-20 18:09 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-08-13 23:39 . 2008-12-20 23:15 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-08-13 23:39 . 2008-12-20 23:15 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2007-08-13 23:39 . 2009-02-20 18:09 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2006-05-10 05:25 . 2009-02-20 18:09 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2006-05-10 05:25 . 2008-12-20 23:15 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 616960 c:\windows\SYSTEM32\DLLCACHE\advapi32.dll
+ 2004-08-04 11:00 . 2009-02-09 10:20 616960 c:\windows\SYSTEM32\DLLCACHE\advapi32.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 124928 c:\windows\SYSTEM32\advpack.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 124928 c:\windows\SYSTEM32\advpack.dll
+ 2004-08-04 11:00 . 2009-02-09 10:20 616960 c:\windows\SYSTEM32\advapi32.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 616960 c:\windows\SYSTEM32\ADVAPI32.DLL
- 2008-02-09 00:21 . 2009-03-12 03:03 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-06 20:32 . 2009-05-11 04:37 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-12-06 20:32 . 2009-03-12 03:04 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-05-11 04:41 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-05-11 04:41 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-05-11 04:41 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-05-11 04:41 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-05-11 04:41 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-05-11 04:41 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-05-11 04:41 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
- 2004-08-04 11:00 . 2008-12-20 23:15 1160192 c:\windows\SYSTEM32\urlmon.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 1160192 c:\windows\SYSTEM32\urlmon.dll
- 2004-08-04 11:00 . 2008-05-07 05:18 1287680 c:\windows\SYSTEM32\quartz.dll
+ 2004-08-04 11:00 . 2008-12-20 22:43 1287680 c:\windows\SYSTEM32\quartz.dll
- 1980-01-01 06:00 . 2008-08-14 09:58 2136064 c:\windows\SYSTEM32\ntoskrnl.exe
+ 1980-01-01 06:00 . 2009-02-06 17:22 2136064 c:\windows\SYSTEM32\ntoskrnl.exe
- 1980-01-01 06:00 . 2008-08-14 09:22 2015744 c:\windows\SYSTEM32\ntkrnlpa.exe
+ 1980-01-01 06:00 . 2009-02-06 16:49 2015744 c:\windows\SYSTEM32\ntkrnlpa.exe
+ 2004-08-04 11:00 . 2009-02-20 18:09 3595264 c:\windows\SYSTEM32\mshtml.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 6066176 c:\windows\SYSTEM32\ieframe.dll
+ 2007-02-12 21:10 . 2008-07-09 14:25 2455488 c:\windows\SYSTEM32\ieapfltr.dat
- 2007-02-12 21:10 . 2007-04-17 09:32 2455488 c:\windows\SYSTEM32\ieapfltr.dat
- 2004-08-04 11:00 . 2008-12-20 23:15 1160192 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2004-08-04 11:00 . 2009-02-20 18:09 1160192 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2007-10-29 22:43 . 2008-12-20 22:43 1287680 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
- 2007-10-29 22:43 . 2008-05-07 05:18 1287680 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
+ 2006-12-19 14:17 . 2009-02-06 17:24 2180480 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2015744 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2057728 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
- 2006-12-19 14:15 . 2008-08-14 09:58 2136064 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2004-08-04 11:00 . 2009-02-20 18:09 3595264 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-11-29 03:07 . 2009-02-20 18:09 6066176 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
- 2007-11-29 03:07 . 2007-04-17 09:32 2455488 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
+ 2007-11-29 03:07 . 2008-07-09 14:25 2455488 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
- 2008-02-09 00:21 . 2009-03-12 03:03 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-02-09 00:21 . 2009-05-11 04:38 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-02-09 00:21 . 2009-03-12 03:03 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-05-11 04:41 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-05-11 04:41 . 2009-01-17 02:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-05-11 04:41 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-05-11 04:41 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\I386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2009-05-11 04:39 . 2009-04-06 11:57 24921544 c:\windows\SYSTEM32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-24 39408]
"Google Update"="c:\documents and settings\Nicholas Laidlaw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-13 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPZRCV01.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPZRCV01.LNK
backup=c:\windows\pss\HPZRCV01.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeffrey Laidlaw^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
[HKLM\~\startupfolder\C:^Documents and Settings^Nicholas Laidlaw^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Nicholas Laidlaw\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WUSB54GCSVC"=2 (0x2)
"Windows Action Script"=2 (0x2)
"ScsiAccess"=2 (0x2)
"PnkBstrB"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MsSecurity1.209.4"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"KodakCCS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"bgsvcgen"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"fci"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Guild Wars\\Gw.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Nicholas Laidlaw\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [11/7/2008 3:38 PM 25824]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\ZDCndis5.sys [6/25/2008 3:09 PM 19072]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\BRGSp50.sys [9/3/2006 3:01 PM 20608]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\SYSTEM32\DRIVERS\xbreader.sys [4/9/2005 10:46 PM 19677]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11b9fcdb-b1c2-11dd-8b37-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-626145550-3952361536-1041508808-1008.job
- c:\documents and settings\Nicholas Laidlaw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-13 22:13]
2009-05-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
2009-01-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
FF - ProfilePath - c:\documents and settings\Nicholas Laidlaw\Application Data\Mozilla\Firefox\Profiles\l7493hpz.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-11 15:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-11 15:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-11 19:58
ComboFix2.txt 2009-05-10 19:18
ComboFix3.txt 2009-05-10 16:19
Pre-Run: 12,585,824,256 bytes free
Post-Run: 12,634,411,008 bytes free
597 --- E O F --- 2009-05-11 04:41