#21 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: search-daily.com
It could be a hardware/software problem, since you have tried to install SP2 prior to being infected. You really need to install SP2, as being without it leaves your system wide open to attack regardless of what antivirus/firewall you have installed.
You may want to think about formatting the disc and installing SP2 on a clean machine, if you have your Windows XP CD. If not, is this a Dell or HP machine? Post a HijackThis log.
#22 (permalink) | |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
Quote:
|
#23 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:55 PM, on 12/5/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1196869228943
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1196869219840
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 9967 bytes
|
#24 (permalink) | |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: search-daily.com
Hello again

Open Notepad and copy/paste the text in the quotebox below into it:

Quote:

Referring to the picture above, drag CFscript into ComboFix.exe.
Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

==================================================

Clear IE7 cookies

* On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
* On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
* Click OK, and then click OK again.

===================================================

BitDefender Online Scan

Go here and do the BitDefender online virus scan.

* Click "I Agree" to agree to the EULA.
* Allow the ActiveX control to install when prompted.
* Leave the scanning options at default and press "Click here to scan" to begin the scan.
* Please refrain from using the computer until the scan is finished.
* When the scan is finished, click on "Click here to export the scan results".
* Save the report to your desktop, then come back here and post it in your next reply.

====================================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=====================================================

Logs Required

C:\Combofix.txt
BitDefender scan report
HijackThis log
|
#25 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
ComboFix 07-12-02.6 - Michael Bottella 2007-12-05 17:27:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.600 [GMT -5:00] Running from: C:\Documents and Settings\Michael Bottella\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Michael Bottella\Desktop\CFscript.txt * Created a new restore point FILE C:\WINDOWS\System32\msnvl.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\_004469_.tmp.dll C:\WINDOWS\system32\_004470_.tmp.dll C:\WINDOWS\system32\_004471_.tmp.dll C:\WINDOWS\system32\_004472_.tmp.dll C:\WINDOWS\system32\_004479_.tmp.dll C:\WINDOWS\system32\_004480_.tmp.dll C:\WINDOWS\system32\_004481_.tmp.dll C:\WINDOWS\system32\_004483_.tmp.dll C:\WINDOWS\system32\_004484_.tmp.dll C:\WINDOWS\system32\_004487_.tmp.dll C:\WINDOWS\system32\_004488_.tmp.dll C:\WINDOWS\system32\_004490_.tmp.dll C:\WINDOWS\system32\_004491_.tmp.dll C:\WINDOWS\system32\_004492_.tmp.dll C:\WINDOWS\system32\_004494_.tmp.dll C:\WINDOWS\system32\_004495_.tmp.dll C:\WINDOWS\system32\_004497_.tmp.dll C:\WINDOWS\system32\_004501_.tmp.dll C:\WINDOWS\system32\_004502_.tmp.dll C:\WINDOWS\system32\_004504_.tmp.dll C:\WINDOWS\system32\_004507_.tmp.dll C:\WINDOWS\system32\_004509_.tmp.dll C:\WINDOWS\system32\_004510_.tmp.dll C:\WINDOWS\system32\_004511_.tmp.dll C:\WINDOWS\system32\_004512_.tmp.dll C:\WINDOWS\system32\_004515_.tmp.dll C:\WINDOWS\system32\_004517_.tmp.dll C:\WINDOWS\system32\_004518_.tmp.dll C:\WINDOWS\system32\_004519_.tmp.dll C:\WINDOWS\system32\_004523_.tmp.dll C:\WINDOWS\system32\_004525_.tmp.dll . ((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))) . 2007-12-05 14:27 . 2001-08-23 07:00 4,186,256 --------- C:\WINDOWS\system32\dllcache\luna.mst 2007-12-05 14:19 . 2004-08-04 02:56 8,384,000 --a------ C:\WINDOWS\system32\SET3CB.tmp 2007-12-05 14:18 . 2004-08-04 02:56 3,003,392 --a------ C:\WINDOWS\system32\SET4AE.tmp 2007-12-05 13:45 . 
2007-12-05 13:45 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-12-05 13:33 . 2007-12-05 13:33 <DIR> d--h-c--- C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$ 2007-12-05 13:31 . 2007-12-05 13:54 1,374 --a------ C:\WINDOWS\imsins.BAK 2007-12-05 13:18 . 2007-12-05 13:18 <DIR> d-------- C:\Program Files\Belarc 2007-12-05 13:18 . 2005-04-07 16:18 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys 2007-12-05 10:40 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2007-12-04 11:23 . 2007-12-04 11:23 <DIR> d-------- C:\Deckard 2007-12-04 11:22 . 2007-12-04 11:22 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-03 17:57 . 2007-12-03 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2007-12-03 17:57 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys 2007-12-03 17:57 . 2007-12-03 17:57 248 --a------ C:\WINDOWS\system32\PavCPL.dat 2007-12-03 17:56 . 2007-12-03 20:38 <DIR> d-------- C:\WINDOWS\system32\PAV 2007-12-03 17:56 . 2007-12-03 17:56 <DIR> d-------- C:\Program Files\Panda Security 2007-12-03 17:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl 2007-12-03 17:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll 2007-12-03 17:51 . 2007-12-03 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-03 14:41 . 2007-12-03 14:41 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-03 14:41 . 2007-12-03 14:41 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-03 14:41 . 2007-12-03 14:41 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-03 14:40 . 2007-12-03 16:07 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-03 13:47 . 2007-12-03 22:29 <DIR> d-------- C:\Program Files\Yahoo! 2007-12-03 13:47 . 2007-12-03 13:47 <DIR> d-------- C:\Program Files\CCleaner 2007-12-01 16:06 . 
2007-12-01 16:07 <DIR> d-------- C:\Documents and Settings\Michael Bottella\Application Data\GetRightToGo 2007-12-01 15:09 . 2007-12-03 04:17 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-30 00:16 . 2007-11-30 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-30 00:15 . 2007-11-30 03:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-11-28 17:40 . 2007-11-28 17:40 <DIR> d-------- C:\Program Files\Comodo 2007-11-28 17:40 . 2007-11-28 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-11-28 17:40 . 2007-11-28 17:40 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL 2007-11-28 17:40 . 2007-11-28 17:40 216,576 --a------ C:\WINDOWS\system32\monln.dll 2007-11-28 14:22 . 2007-11-28 14:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-11-28 14:22 . 2007-11-28 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-11-28 02:54 . 2007-12-03 16:07 <DIR> d-------- C:\WINDOWS\system32\AppCert . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-04 22:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-04 19:11 --------- d-----w C:\Program Files\Java 2007-12-04 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-04 05:58 --------- d-----w C:\Program Files\eMule 2007-12-03 20:45 --------- d-----w C:\Program Files\SmartPopupBlocker 2007-12-03 20:37 --------- d-----w C:\Program Files\LeechGet 2006 2007-11-30 22:27 --------- d-----w C:\Documents and Settings\Michael Bottella\Application Data\.ABC 2007-11-28 04:13 --------- d-----w C:\Program Files\PeerGuardian2 2007-11-27 06:04 --------- d-----w C:\Program Files\AIM6 2007-11-27 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-11-16 03:50 --------- d-----w C:\Program Files\Sony 2007-11-13 14:16 --------- d-----w C:\Program Files\Norton SystemWorks 2007-11-06 08:23 --------- d-----w C:\Program Files\MySpace 2007-10-21 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan 2007-10-21 02:36 --------- d-----w C:\Program Files\Security Task Manager 2007-10-19 00:09 --------- d-----w C:\Program Files\MP3+G Toolz .NET 4 2007-10-08 18:40 --------- d-----w C:\Program Files\Alcohol Soft 2007-10-08 17:55 --------- d-----w C:\Documents and Settings\Michael Bottella\Application Data\SlySoft 2007-10-08 16:40 --------- d-----w C:\Program Files\SlySoft 2007-10-08 15:39 --------- d-----w C:\Program Files\Common Files\cdrdao 2007-10-08 15:27 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-06 04:46 --------- d-----w C:\Program Files\ABC 2007-09-25 09:56 737,280 ----a-w C:\WINDOWS\iun6002.exe 2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll 2004-08-15 23:10 32 --sha-w C:\WINDOWS\{18BEC826-02D5-4AFC-BAA8-C06B7EAB8247}.dat 2004-08-15 23:10 32 --sha-w C:\WINDOWS\{523B879B-62A5-4392-812E-C5C284AAAEB0}.dat 2004-08-15 23:11 32 --sha-w 
C:\WINDOWS\{8B10D43A-7FBF-4947-8390-C8AEA7B1A949}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\{9107C27E-3342-4C64-870B-2A9833AF5EA8}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\{E181FAE3-12E5-4654-8CB9-3D85D62C6E5F}.dat 2005-10-08 06:58 32 --sha-w C:\WINDOWS\{FF9E27A5-0ED2-4D8F-B439-23DF433F51F3}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{4BE1F716-C1DB-473A-AF35-DF7BF40B97BC}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{5C486995-454D-49E0-AB83-DCFEE9493C6A}.dat 2004-08-15 23:10 32 --sha-w C:\WINDOWS\system32\{64E1E082-BD47-4A27-9249-CAF1E0BCEC51}.dat 2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{800FBB96-2302-4899-9281-E5075BBA36DD}.dat 2004-08-15 23:10 32 --sha-w C:\WINDOWS\system32\{E7870D69-EE94-4DB9-8072-6DDBCBF01D05}.dat 2004-08-15 23:11 32 --sha-w C:\WINDOWS\system32\{ED529549-8B17-4BB0-A251-7996E420AC9B}.dat . ((((((((((((((((((((((((((((( snapshot@2007-12-04_14.58.25.49 ))))))))))))))))))))))))))))))))))))))))) . + 2003-02-20 22:39:04 73,728 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\dbnetlib.dll + 2003-02-20 22:39:44 28,672 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\dbnmpntw.dll + 2003-02-20 22:38:58 315,392 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadce.dll + 2003-02-20 22:39:08 135,168 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadco.dll + 2003-02-20 22:39:10 49,152 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadcs.dll + 2003-02-20 22:39:00 147,456 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadds.dll + 2003-02-20 22:39:00 512,000 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msado15.dll + 2003-02-20 22:39:16 163,840 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadomd.dll + 2003-02-20 22:39:16 184,320 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadox.dll + 2003-02-20 22:39:00 53,248 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msadrh15.dll + 2003-02-20 22:39:20 225,280 -c----w 
C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msdaora.dll + 2003-02-20 22:39:00 192,512 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msdaprst.dll + 2003-02-20 22:39:00 143,360 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msdart.dll + 2003-02-20 22:39:00 303,104 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msdasql.dll + 2003-02-20 22:39:30 139,264 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\msorcl32.dll + 2003-02-20 22:39:02 221,184 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\odbc32.dll + 2003-02-20 22:39:42 24,576 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\odbcbcp.dll + 2003-02-20 22:39:02 442,368 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\oledb32.dll + 2006-02-17 19:04:44 213,216 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\spuninst\spuninst.exe + 2006-03-07 18:27:42 1,843,712 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\spuninst\SQLSTPCustomDLL.dll + 2006-02-17 19:04:48 371,424 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\spuninst\updspapi.dll + 2003-02-20 22:39:06 503,808 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\sqloledb.dll + 2003-02-20 22:39:04 401,408 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\sqlsrv32.dll + 2003-02-20 21:28:06 204,800 -c----w C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$\sqlxmlx.dll - 2006-11-24 05:01:03 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2007-12-05 18:59:21 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2006-11-24 05:01:13 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2007-12-05 18:59:30 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2006-11-24 05:01:14 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 
2007-12-05 18:59:30 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2006-11-24 05:01:15 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2007-12-05 18:59:32 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll - 2006-11-24 05:01:09 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2007-12-05 18:59:27 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2006-11-24 05:00:59 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2007-12-05 18:59:17 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2006-11-24 05:00:59 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2007-12-05 18:59:17 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2006-11-24 05:01:21 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2007-12-05 18:59:36 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - 2006-11-24 05:01:05 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2007-12-05 18:59:23 5,029,888 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2006-11-24 05:01:02 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2007-12-05 18:59:20 10,752 ----a-w 
C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2006-11-24 05:00:59 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2007-12-05 18:59:17 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2006-11-24 05:01:00 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2007-12-05 18:59:18 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2006-11-24 05:01:11 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2007-12-05 18:59:28 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2006-11-24 05:01:12 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2007-12-05 18:59:29 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2006-11-24 05:01:12 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2007-12-05 18:59:30 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2006-11-24 05:01:01 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2007-12-05 18:59:19 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2006-11-24 05:01:01 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2007-12-05 18:59:19 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2006-11-24 05:01:01 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll + 2007-12-05 18:59:20 
02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe + 2007-07-31 00:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe - 2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll + 2007-07-31 00:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll - 2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll + 2007-07-31 00:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll - 2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll + 2007-07-31 00:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll - 2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll + 2007-07-31 00:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll - 2007-04-17 02:43:44 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2007-07-31 00:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll - 2005-07-26 04:31:13 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll + 2006-03-01 19:44:39 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll - 2004-06-30 23:59:25 158,720 ----a-w C:\WINDOWS\system32\xpob2res.dll + 2006-08-16 09:42:14 159,232 ----a-w C:\WINDOWS\system32\xpob2res.dll - 2005-09-27 00:40:49 594,432 ----a-w C:\WINDOWS\system32\xpsp2res.dll + 2006-08-25 09:14:17 595,968 ----a-w C:\WINDOWS\system32\xpsp2res.dll + 2006-03-17 05:04:12 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll + 2006-07-13 13:46:53 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85\comctl32.dll + 2006-08-25 15:53:52 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll - 2006-11-24 05:00:59 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2007-12-05 18:59:17 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll 
- 2006-11-24 05:00:59 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2007-12-05 18:59:17 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:27] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-31 13:34] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Bottella^Start Menu^Programs^Startup^Eyetide Launcher.lnk] path=C:\Documents and Settings\Michael Bottella\Start Menu\Programs\Startup\Eyetide Launcher.lnk backup=C:\WINDOWS\pss\Eyetide Launcher.lnkStartup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A+PopUpBlocker] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer] 2002-08-29 05:41 91136 --a------ C:\Program Files\Internet Explorer\iexplore.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpInspector.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan] C:\Program Files\Power Scan\powerscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4] 1999-11-18 18:12 24650 --a------ C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG] 2003-08-27 14:20 94208 -ra------ C:\WINDOWS\SM1BG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 01:00 90112 --a------ C:\WINDOWS\Updreg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] 2006-01-23 14:42 196608 --a------ C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\services] "iPodService"=3 (0x3) R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\Cinemsup.sys R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys R3 Ausbflt;Ausbflt;C:\WINDOWS\System32\Drivers\Ausbflt.sys R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS S2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\System32\drivers\atibtcap.sys S2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\System32\drivers\atibtxbr.sys S2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\System32\drivers\ativtutw.sys S2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\System32\drivers\ativxstw.sys S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\System32\drivers\ctlsb16.sys S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\System32\DRIVERS\GcKernel.sys S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\System32\drivers\usbscan.sys . Contents of the 'Scheduled Tasks' folder "2007-12-05 22:23:13 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-05 17:34:39 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-05 17:37:03 - machine was rebooted . --- E O F --- |
|
|
|
|
#26 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:14 PM, on 12/5/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\runservice.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WgaTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: 
NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - 
https://www-secure.symantec.com/tech...l/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1196869228943 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1196869219840 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail 
Attachments Control) - http://by23fd.bay23.hotmail.msn.com/...x/HMAtchmt.ocx O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 10205 bytes |
|
|
|
|
#27 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
BitDefender Online Scanner
Scan report generated at: Wed, Dec 05, 2007 - 19:19:07
Scan path: A:\;C:\;D:\;E:\;G:\;

Statistics
Time: 01:32:42
Files: 248646
Folders: 8893
Boot Sectors: 2
Archives: 2150
Packed Files: 13927

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 880398
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\Program Files\Panda Security\Panda Antivirus 2008\PSKAHK.dll - Infected with: Generic.Malware.SIMDWYNVdprn.172A39DE
C:\Program Files\Panda Security\Panda Antivirus 2008\PSKAHK.dll - Disinfection failed
C:\Program Files\Panda Security\Panda Antivirus 2008\PSKAHK.dll - Delete failed |
|
|
|
|
#28 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: search-daily.com
Hi Michael
Please go to: VirusTotal
Do the same for these files as well:
C:\WINDOWS\system32\SET4AE.tmp
C:\WINDOWS\imsins.BAK
=====================================
Looking back at your logs I see you have Norton SystemWorks 2003 installed; if you no longer use this programme then uninstall it. Also download and run the Norton Removal tool, as this should remove LiveReg (Symantec Corporation), LiveUpdate 2.7 (Symantec Corporation) and Norton WMI Update.
Reboot when completed.
=====================================
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
=====================================
Logs Required
Results from VirusTotal
HijackThis log |
|
|
|
|
#29 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
File shell32.dll received on 11.24.2007 17:01:52 (CET)
Result: 1/32 (3.13%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.11.24.0 | 2007.11.23 | - |
| AntiVir | 7.6.0.34 | 2007.11.23 | - |
| Authentium | 4.93.8 | 2007.11.24 | - |
| Avast | 4.7.1074.0 | 2007.11.23 | - |
| AVG | 7.5.0.503 | 2007.11.24 | - |
| BitDefender | 7.2 | 2007.11.24 | - |
| CAT-QuickHeal | 9.00 | 2007.11.24 | - |
| ClamAV | 0.91.2 | 2007.11.24 | - |
| DrWeb | 4.44.0.09170 | 2007.11.24 | - |
| eSafe | 7.0.15.0 | 2007.11.21 | - |
| eTrust-Vet | 31.3.5324 | 2007.11.24 | - |
| Ewido | 4.0 | 2007.11.24 | - |
| FileAdvisor | 1 | 2007.11.24 | No threat detected, but known vulnerabilities exist |
| Fortinet | 3.14.0.0 | 2007.11.24 | - |
| F-Prot | 4.4.2.54 | 2007.11.23 | - |
| F-Secure | 6.70.13030.0 | 2007.11.23 | - |
| Ikarus | T3.1.1.12 | 2007.11.24 | - |
| Kaspersky | 7.0.0.125 | 2007.11.21 | - |
| McAfee | 5170 | 2007.11.23 | - |
| Microsoft | 1.3007 | 2007.11.24 | - |
| NOD32v2 | 2683 | 2007.11.24 | - |
| Norman | 5.80.02 | 2007.11.23 | - |
| Panda | 9.0.0.4 | 2007.11.24 | - |
| Prevx1 | V2 | 2007.11.24 | - |
| Rising | 20.19.51.00 | 2007.11.24 | - |
| Sophos | 4.23.0 | 2007.11.24 | - |
| Sunbelt | 2.2.907.0 | 2007.11.24 | - |
| Symantec | 10 | 2007.11.24 | - |
| TheHacker | 6.2.9.140 | 2007.11.24 | - |
| VBA32 | 3.12.2.5 | 2007.11.23 | - |
| VirusBuster | 4.3.26:9 | 2007.11.24 | - |
| Webwasher-Gateway | 6.0.1 | 2007.11.24 | - |

Additional information
File size: 8384000 bytes
MD5: d5988a5048e4dc7175bca9f29fc144ae
SHA1: 6e098eab085c08ae131b6356f4b150d68c0e3261
Bit9 info: http://fileadvisor.bit9.com/services...bca9f29fc144ae |
|
|
|
|
#30 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
File SET4AE.tmp received on 12.06.2007 18:32:24 (CET)
Result: 1/32 (3.13%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.12.7.0 | 2007.12.06 | - |
| AntiVir | 7.6.0.34 | 2007.12.06 | - |
| Authentium | 4.93.8 | 2007.12.05 | - |
| Avast | 4.7.1098.0 | 2007.12.05 | - |
| AVG | 7.5.0.503 | 2007.12.06 | - |
| BitDefender | 7.2 | 2007.12.06 | - |
| CAT-QuickHeal | 9.00 | 2007.12.06 | - |
| ClamAV | 0.91.2 | 2007.12.06 | - |
| DrWeb | 4.44.0.09170 | 2007.12.06 | - |
| eSafe | 7.0.15.0 | 2007.12.06 | - |
| eTrust-Vet | 31.3.5356 | 2007.12.06 | - |
| Ewido | 4.0 | 2007.12.06 | - |
| FileAdvisor | 1 | 2007.12.06 | No threat detected, but known vulnerabilities exist |
| Fortinet | 3.14.0.0 | 2007.12.06 | - |
| F-Prot | 4.4.2.54 | 2007.12.05 | - |
| F-Secure | 6.70.13030.0 | 2007.12.06 | - |
| Ikarus | T3.1.1.12 | 2007.12.06 | - |
| Kaspersky | 7.0.0.125 | 2007.12.06 | - |
| McAfee | 5179 | 2007.12.06 | - |
| Microsoft | 1.3007 | 2007.12.06 | - |
| NOD32v2 | 2706 | 2007.12.06 | - |
| Norman | 5.80.02 | 2007.12.06 | - |
| Panda | 9.0.0.4 | 2007.12.06 | - |
| Prevx1 | V2 | 2007.12.06 | - |
| Rising | 20.21.32.00 | 2007.12.06 | - |
| Sophos | 4.24.0 | 2007.12.06 | - |
| Sunbelt | 2.2.907.0 | 2007.12.05 | - |
| Symantec | 10 | 2007.12.06 | - |
| TheHacker | 6.2.9.151 | 2007.12.05 | - |
| VBA32 | 3.12.2.5 | 2007.12.05 | - |
| VirusBuster | 4.3.26:9 | 2007.12.06 | - |
| Webwasher-Gateway | 6.6.2 | 2007.12.06 | - |

Additional information
File size: 3003392 bytes
MD5: 376e0843b2356ca91cec8d9837a56ff7
SHA1: 397c168ff1f4b86b807d0595ca5e7af63879975a
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...ec8d9837a56ff7 |
|
|
|
|
#31 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
File imsins.BAK received on 12.06.2007 18:39:14 (CET)
Result: 0/31 (0%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.12.7.0 | 2007.12.06 | - |
| AntiVir | 7.6.0.34 | 2007.12.06 | - |
| Authentium | 4.93.8 | 2007.12.05 | - |
| Avast | 4.7.1098.0 | 2007.12.05 | - |
| AVG | 7.5.0.503 | 2007.12.06 | - |
| BitDefender | 7.2 | 2007.12.06 | - |
| CAT-QuickHeal | 9.00 | 2007.12.06 | - |
| ClamAV | 0.91.2 | 2007.12.06 | - |
| DrWeb | 4.44.0.09170 | 2007.12.06 | - |
| eSafe | 7.0.15.0 | 2007.12.06 | - |
| eTrust-Vet | 31.3.5356 | 2007.12.06 | - |
| Ewido | 4.0 | 2007.12.06 | - |
| FileAdvisor | 1 | 2007.12.06 | - |
| Fortinet | 3.14.0.0 | 2007.12.06 | - |
| F-Prot | 4.4.2.54 | 2007.12.05 | - |
| F-Secure | 6.70.13030.0 | 2007.12.06 | - |
| Ikarus | T3.1.1.12 | 2007.12.06 | - |
| Kaspersky | 7.0.0.125 | 2007.12.06 | - |
| McAfee | 5179 | 2007.12.06 | - |
| Microsoft | 1.3007 | 2007.12.06 | - |
| NOD32v2 | 2707 | 2007.12.06 | - |
| Norman | 5.80.02 | 2007.12.06 | - |
| Panda | 9.0.0.4 | 2007.12.06 | - |
| Prevx1 | V2 | 2007.12.06 | - |
| Rising | 20.21.32.00 | 2007.12.06 | - |
| Sophos | 4.24.0 | 2007.12.06 | - |
| Sunbelt | 2.2.907.0 | 2007.12.05 | - |
| TheHacker | 6.2.9.151 | 2007.12.05 | - |
| VBA32 | 3.12.2.5 | 2007.12.05 | - |
| VirusBuster | 4.3.26:9 | 2007.12.06 | - |
| Webwasher-Gateway | 6.6.2 | 2007.12.06 | - |

Additional information
File size: 1374 bytes
MD5: fff50bec425fbb60277c7d11893dd75a
SHA1: 514d96712ac1c620893a3da647628d872e27c8cd
PEiD: - |
|
|
|
|
#32 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
Logfile of Trend Micro HijackThis v2.0.2
|
|
|
|
#33 (permalink) | |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: search-daily.com
Hi Michael
Quote:
C:\WINDOWS\system32\SET3CB.tmp
Please upload the file above in red to VirusTotal, post the results in your next reply. |
|
|
|
|
|
#34 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
I don't know why it came back shell32.dll, but it did it a 2nd time when I tried to scan it, however when I clicked "scan this file again" it showed "SET3CB.tmp"
File SET3CB.tmp received on 12.06.2007 22:37:31 (CET)
Result: 1/31 (3.23%)
Antivirus: FileAdvisor, Version: 1, Last Update: 2007.12.06, Result: No threat detected, but known vulnerabilities exist
Additional information
File size: 8384000 bytes
MD5: d5988a5048e4dc7175bca9f29fc144ae
SHA1: 6e098eab085c08ae131b6356f4b150d68c0e3261
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...bca9f29fc144ae
Last edited by Michael Wayne; 12-06-2007 at 02:52 PM. |
|
|
|
|
#35 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: search-daily.com
Well done, your logs are clean.
Click start>run>type (or copy/paste command into run box):
ComboFix /u
Click ok.
----------------------------
Clear IE6 cookies
*Open IE and click Tools
*Click on Internet Options
*Click on General Tab
*Click on Delete Temp Files & Cookies buttons.
Clear IE7 cookies
*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.
Clear Firefox cookies/cache
Select "Tools"
Select "Options".
Select "Privacy".
In "Settings" window put the check mark for Cookies, Cache, Browsing history and any others you want. Click OK.
In Private area click "Clear Now".
-------------------------------------------------------------------------------------------
MICROSOFT UPDATES
1. Click Start, Run, type sysdm.cpl, and then press OK.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended).
Microsoft updates are released every second Tuesday of each month, what is called "Patch Tuesday".
------------------------------------------------------------------------------------------
Useful Information and Programs to keep you safe.
TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages:
* Content category
* Phishing scam detection
* Site reputation
* Page reputation
WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites. WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.
Note: Only compatible with Firefox 1.5 and higher.
Only install one of the above
--------------------------------------------------------------------------------------
Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
------------------------------------------------------------------------------------------
Free Antispyware Products
SuperAntiSpyware
AVG Antispyware Free
Ad-Aware
Spybot S&D
Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
Download Spyware Guard to catch and block spyware before it can execute.
------------------------------------------------------------------
IE-Spyad is a freeware utility that places more than 4000 dubious websites and domains in the Internet Explorer Restricted List.
Download and installation instructions for IE-Spyad Here
-----------------------------------------
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.
If you're having trouble downloading & extracting, see link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm
Once you have extracted the host file, double click on it and a new window will open. Double-click on mvps.bat and follow the prompts
---------------------------------------------------------------
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer.
----------------------------------------
SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen. Only for XP users.
Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.
==============================================
Also, please take a look at these well written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.
As to your problem with updating to SP2, this issue does not appear to be malware related. As our focus in this section is malware removal, you would be better served discussing your issues in the Windows XP section of this forum. Please let them know you've been cleared by the HijackThis Log Help section.
Please reply to this thread once more, as we may mark this as resolved, thanks. |
|
|
|
|
#36 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
Q before this gets closed.
what's a good anti-virus to use?
and 2) I have this hidden .doc file on my desktop called "~$lliwellstarrmatch" I have no idea what it is. Should I delete this?
3) do I need Deckard's System Scanner anymore? or the Belarc Advisor?
Last edited by Michael Wayne; 12-06-2007 at 03:34 PM. |
|
|
|
|
#37 (permalink) | |||
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: search-daily.com
Quote:
Quote:
Quote:
|
|||
|
|
|
|
#39 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: search-daily.com
See if this helps: http://support.microsoft.com/kb/873148
Please visit our Windows XP forum, they'll be able to assist you. Please let them know you've been cleared by the HijackThis Log Help section. |
|
|
|
|
#40 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 33
OS: XP SP 1
|
Re: search-daily.com
MAJOR PROBLEM
After another failed attempt at installing SP 2, I was told to reboot. After Microsoft had reset my settings. Upon rebooting, Windows will no longer load. I get as far as the Windows XP logo, the sign in screen refuses to load and my pc continues this cycle of rebooting. I've tried safe mode, last known good... everything. Now I can't get onto Windows at all.
I installed snoopfree and that seems to be what set everything in motion first. After the installation, I was prompted to reboot. I did and then I couldn't log in. It threw some error and said a "generic profile" was being created. I got some other message about platforms and merging certain files. I hit cancel and it logged me in. All my proggies were shown on the desktop, but all my files on there were gone and my desktop reset. I restarted and everything was fine. I could log in, and everything. All my stuff was back.
With all the work we had done, I figured I'd take a shot at installing SP2. I got to the same location as last time with the error and all. This time after Windows reset everything back and I rebooted, I haven't been able to even get to the sign in screen. My mouse flashes a bunch of times and my pc keeps restarting, getting to the same point, then restarting again.
Last edited by Michael Wayne; 12-06-2007 at 05:20 PM. |
|
|
|
|