Infected with Trojan.Adclicker.HB & trojan generic 826214 - Page 2

KennyLegend · 11-15-2008, 02:15 AM

Malwarebytes' Anti-Malware 1.30
Database version: 1399
Windows 5.1.2600 Service Pack 2

15/11/2008 09:04:17
mbam-log-2008-11-15 (09-04-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 157503
Time elapsed: 1 hour(s), 54 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 13
Files Infected: 275

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\lafegana.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm876c1fbe (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rizozoribo (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\lafegana.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\lafegana.dll -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\gobewowi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iwowebog.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lafegana.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\lutirada.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\noginaru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\riyoyiga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\valokiga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vatutawi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hurikupu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nafugizu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pifotamo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\podezowu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\porasusa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kajopezi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bosetiga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvutiva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yejimoya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yorojopa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11152008_002916\WINDOWS\system32\dagitufa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11152008_002916\WINDOWS\system32\leborivo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11152008_002916\WINDOWS\system32\vomotuzi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11152008_002916\WINDOWS\system32\yekugebe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\BM876c1fbe.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

The system was then rebooted and here is the RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Ken & Caroline at 2008-11-15 09:12:10
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 40 GB (27%) free of 149 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:12:17, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ken & Caroline\Desktop\RSIT.exe
C:\PC Apps 3\Hijackthis\Ken & Caroline.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/learnmore/...ue&lcode=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33107fe9-e799-49ce-a747-8d04d428adec} - C:\WINDOWS\system32\leborivo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\dagitufa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8833 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33107fe9-e799-49ce-a747-8d04d428adec}]
C:\WINDOWS\system32\leborivo.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-03-04 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-08 7630848]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
"basicsmssmenu"=C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [2007-10-09 169328]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-15 368640]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-12-26 61440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"RegistryMechanic"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Ken & Caroline\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\dagitufa.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\dagitufa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe"="C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe:*:Enabled:livesrv"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-11-15 00:43:16 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Malwarebytes
2008-11-15 00:43:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-15 00:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-15 00:29:16 ----D---- C:\_OTMoveIt
2008-11-14 18:13:51 ----A---- C:\Bug.txt
2008-11-14 18:13:49 ----A---- C:\WINDOWS\system32\cmd.execf
2008-11-14 18:13:40 ----D---- C:\32788R22FWJFW
2008-11-14 18:12:04 ----D---- C:\WINDOWS\Prefetch
2008-11-14 10:30:11 ----D---- C:\Program Files\Sonic Foundry
2008-11-14 09:41:46 ----D---- C:\rsit
2008-11-12 13:42:27 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Publish Providers
2008-11-12 13:42:08 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Sony
2008-11-12 13:37:27 ----D---- C:\Program Files\Vstplugins
2008-11-12 13:37:24 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2008-11-12 13:37:11 ----D---- C:\Program Files\Sony
2008-11-12 13:31:48 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Sony Setup
2008-11-12 13:31:25 ----D---- C:\Program Files\Sony Setup
2008-11-12 10:17:59 ----SH---- C:\WINDOWS\system32\etawigom.ini
2008-11-12 10:11:25 ----A---- C:\WINDOWS\gmer.ini
2008-11-12 10:11:22 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-12 10:11:22 ----A---- C:\WINDOWS\gmer.dll
2008-11-12 10:11:21 ----A---- C:\WINDOWS\gmer.exe
2008-11-10 22:29:25 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-11-10 22:29:21 ----D---- C:\Program Files\Registry Mechanic
2008-11-02 14:11:21 ----D---- C:\Program Files\CDex_150
2008-11-01 10:01:38 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-11-01 10:01:38 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\locator.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\localspl.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ftp.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\format.com
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\cmd.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\cacls.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\autochk.exe
2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\smss.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\services.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\schannel.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\savedump.exe
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\samlib.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasman.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\printui.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\userinit.exe
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\untfs.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\ulib.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-11-01 10:01:02 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-11-01 10:01:02 ----A---- C:\WINDOWS\system32\hal.dll
2008-11-01 10:01:01 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-10-31 23

36 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-31 23

36 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-31 23

36 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-31 07:46:56 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-24 02:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003240_.tmp.dll
2008-10-16 02:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-11-15 09:09:38 ----D---- C:\Program Files\Mozilla Firefox
2008-11-15 09:09:30 ----D---- C:\WINDOWS\system32
2008-11-15 09:08:00 ----D---- C:\WINDOWS\Temp
2008-11-15 09:07:41 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-11-15 09:07:11 ----D---- C:\WINDOWS\system32\drivers
2008-11-15 09:07:11 ----D---- C:\WINDOWS
2008-11-15 09

25 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-15 09

10 ----A---- C:\WINDOWS\bdagent.INI
2008-11-15 09:04:16 ----SD---- C:\WINDOWS\Tasks
2008-11-15 00:43:07 ----RD---- C:\Program Files
2008-11-15 00:36:29 ----D---- C:\WINDOWS\security
2008-11-15 00:00:25 ----A---- C:\WINDOWS\webshots.ini
2008-11-14 21:54:16 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-14 18:10:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-14 10:52:49 ----D---- C:\Most Wanted
2008-11-14 09:49:45 ----D---- C:\Aftershok
2008-11-12 14:19:27 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Azureus
2008-11-12 14:19:26 ----D---- C:\Program Files\PeerGuardian2
2008-11-12 13:49:33 ----RSD---- C:\WINDOWS\assembly
2008-11-12 13:49:33 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-12 13:37:42 ----SHD---- C:\WINDOWS\Installer
2008-11-12 13:36:33 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-12 13:35:12 ----D---- C:\WINDOWS\WinSxS
2008-11-12 13:34:56 ----HD---- C:\WINDOWS\inf
2008-11-12 13:34:51 ----D---- C:\Program Files\Internet Explorer
2008-11-12 11:55:17 ----D---- C:\PC Apps 3
2008-11-11 22:17:57 ----N---- C:\WINDOWS\system32\tijamuse.dll
2008-11-11 10:17:44 ----N---- C:\WINDOWS\system32\torazusa.dll
2008-11-10 22:17:31 ----N---- C:\WINDOWS\system32\vanozoyo.dll
2008-11-09 12:48:48 ----SHD---- C:\System Volume Information
2008-11-09 12:48:48 ----D---- C:\WINDOWS\system32\Restore
2008-11-07 16:50:12 ----D---- C:\dvd covers
2008-11-01 23:03:06 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-01 23:03:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-01 22:53:51 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 22:53:51 ----D---- C:\WINDOWS\system32\Setup
2008-11-01 22:53:51 ----D---- C:\WINDOWS\AppPatch
2008-11-01 22:53:49 ----RSD---- C:\WINDOWS\Fonts
2008-11-01 10:41:22 ----D---- C:\WINDOWS\system32\dllcache
2008-11-01 10:41:19 ----D---- C:\Program Files\Messenger
2008-11-01 10:41:16 ----D---- C:\WINDOWS\system32\usmt
2008-11-01 10:41:14 ----D---- C:\WINDOWS\system32\oobe
2008-11-01 10:41:13 ----D---- C:\WINDOWS\system32\npp
2008-11-01 10:41:06 ----D---- C:\WINDOWS\system32\Com
2008-11-01 10:40:12 ----D---- C:\WINDOWS\system
2008-11-01 10:40:11 ----D---- C:\WINDOWS\srchasst
2008-11-01 10:40:11 ----D---- C:\WINDOWS\PeerNet
2008-11-01 10:40:10 ----D---- C:\WINDOWS\network diagnostic
2008-11-01 10:40:09 ----D---- C:\WINDOWS\msagent
2008-11-01 10:40:05 ----D---- C:\WINDOWS\ime
2008-11-01 10:40:05 ----D---- C:\WINDOWS\Help
2008-11-01 10:40:00 ----D---- C:\Program Files\Windows NT
2008-11-01 10:40:00 ----D---- C:\Program Files\Windows Media Player
2008-11-01 10:40:00 ----D---- C:\Program Files\Outlook Express
2008-11-01 10:39:59 ----D---- C:\Program Files\NetMeeting
2008-11-01 10:39:58 ----D---- C:\Program Files\Movie Maker
2008-11-01 10:39:54 ----D---- C:\Program Files\Common Files\System
2008-11-01 10:39:38 ----D---- C:\WINDOWS\system32\scripting
2008-11-01 10:39:38 ----D---- C:\WINDOWS\system32\en-US
2008-11-01 10:39:38 ----D---- C:\WINDOWS\system32\en
2008-11-01 10:39:36 ----D---- C:\WINDOWS\system32\bits
2008-11-01 10:38:23 ----D---- C:\WINDOWS\l2schemas
2008-11-01 10:01:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 09:58:48 ----D---- C:\WINDOWS\EHome
2008-11-01 03:02:11 ----A---- C:\WINDOWS\win.ini
2008-11-01 03:01:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 03:00:33 ----D---- C:\Program Files\Microsoft Works
2008-10-31 07:33:03 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-30 03:01:05 ----A---- C:\WINDOWS\imsins.BAK
2008-10-27 10:43:49 ----D---- C:\WINDOWS\system32\config
2008-10-27 10:43:29 ----D---- C:\WINDOWS\Registration
2008-10-24 02:00:29 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-17 02:01:01 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-08 3958272]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-12 85969]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-09-06 30336]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2004-08-03 95360]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-04 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-01-30 917504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-07-02 1155072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-08 155715]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-11 1261568]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-12-26 86016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-12-26 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-03 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-03-05 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

**TheBruce1** · 11-15-2008, 12:13 PM

Hello again

Looking much better.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/310076-infected-trojan-adclicker-hb-trojan-generic-826214-a.html

Collect::
C:\WINDOWS\system32\tijamuse.dll
C:\WINDOWS\system32\torazusa.dll
C:\WINDOWS\system32\vanozoyo.dll

File::
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\etawigom.ini
C:\WINDOWS\imsins.BAK

DirLook::
C:\32788R22FWJFW

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33107fe9-e799-49ce-a747-8d04d428adec}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=hex(7):73,63,65,63,6c,69,00,00

Save this as CFscript

Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s).

Let me know if the file was uploaded successfully

==========

JAVA OUTDATED

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

==========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=========
Logs Required
C:\Combofox.txt
Hijackthis Log

KennyLegend · 11-16-2008, 07:08 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:40, on 16/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PC Apps 3\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/learnmore/...ue&lcode=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8556 bytes

KennyLegend · 11-16-2008, 07:09 AM

the Forum wont accept my combofix log cause its too long

**TheBruce1** · 11-16-2008, 07:46 AM

Do you mean it is too big, make sure your firewall is not blocking the file from being uploaded, if you can remember where the file is located.

It can be found at this location:

C:\QooBox\Quarantine\[4]-Submit_2008-11-16@xx.xx.zip

Upload to this website:

http://www.bleepingcomputer.com/subm....php?channel=4

Include this link into your submission:

http://www.techsupportforum.com/security-center/hijackthis-log-help/310076-infected-trojan-adclicker-hb-trojan-generic-826214-a.html

Let me know if you were successful/unsuccessful.

KennyLegend · 11-16-2008, 09:55 AM

The file was uploaded sucessfully Bruce.

**TheBruce1** · 11-16-2008, 10:42 AM

Hello again Kenny

File uploaded successfully, thank you.

Quote:

Logs Required
C:\Combofox.txt
Hijackthis Log

Can you post the Combofix.txt.

KennyLegend · 11-17-2008, 12:39 PM

Sorry Bruce...thatw as what i was aying yesterday. I couldnt post the comofix log cause it was asaying the text was too long. Ive split into two posts below.

1st half:

ComboFix 08-11-12.02 - Ken & Caroline 2008-11-16 13:43:49.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1587 [GMT 0:00]
Running from: c:\documents and settings\Ken & Caroline\Desktop\Kenny.exe
Command switches used :: c:\documents and settings\Ken & Caroline\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active

FILE ::
c:\windows\imsins.BAK
c:\windows\system32\cmd.execf
c:\windows\system32\etawigom.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\windows\imsins.BAK
c:\windows\system32\_003140_.tmp.dll
c:\windows\system32\_003141_.tmp.dll
c:\windows\system32\_003142_.tmp.dll
c:\windows\system32\_003143_.tmp.dll
c:\windows\system32\_003150_.tmp.dll
c:\windows\system32\_003151_.tmp.dll
c:\windows\system32\_003152_.tmp.dll
c:\windows\system32\_003153_.tmp.dll
c:\windows\system32\_003154_.tmp.dll
c:\windows\system32\_003155_.tmp.dll
c:\windows\system32\_003156_.tmp.dll
c:\windows\system32\_003157_.tmp.dll
c:\windows\system32\_003158_.tmp.dll
c:\windows\system32\_003159_.tmp.dll
c:\windows\system32\_003160_.tmp.dll
c:\windows\system32\_003161_.tmp.dll
c:\windows\system32\_003162_.tmp.dll
c:\windows\system32\_003163_.tmp.dll
c:\windows\system32\_003164_.tmp.dll
c:\windows\system32\_003166_.tmp.dll
c:\windows\system32\_003167_.tmp.dll
c:\windows\system32\_003168_.tmp.dll
c:\windows\system32\_003169_.tmp.dll
c:\windows\system32\_003170_.tmp.dll
c:\windows\system32\_003174_.tmp.dll
c:\windows\system32\_003175_.tmp.dll
c:\windows\system32\_003177_.tmp.dll
c:\windows\system32\_003179_.tmp.dll
c:\windows\system32\_003180_.tmp.dll
c:\windows\system32\_003181_.tmp.dll
c:\windows\system32\_003182_.tmp.dll
c:\windows\system32\_003183_.tmp.dll
c:\windows\system32\_003184_.tmp.dll
c:\windows\system32\_003185_.tmp.dll
c:\windows\system32\_003186_.tmp.dll
c:\windows\system32\_003187_.tmp.dll
c:\windows\system32\_003189_.tmp.dll
c:\windows\system32\_003190_.tmp.dll
c:\windows\system32\_003191_.tmp.dll
c:\windows\system32\_003192_.tmp.dll
c:\windows\system32\_003193_.tmp.dll
c:\windows\system32\_003194_.tmp.dll
c:\windows\system32\_003195_.tmp.dll
c:\windows\system32\_003198_.tmp.dll
c:\windows\system32\_003199_.tmp.dll
c:\windows\system32\_003200_.tmp.dll
c:\windows\system32\_003201_.tmp.dll
c:\windows\system32\_003202_.tmp.dll
c:\windows\system32\_003204_.tmp.dll
c:\windows\system32\_003205_.tmp.dll
c:\windows\system32\_003206_.tmp.dll
c:\windows\system32\_003208_.tmp.dll
c:\windows\system32\_003210_.tmp.dll
c:\windows\system32\_003211_.tmp.dll
c:\windows\system32\_003212_.tmp.dll
c:\windows\system32\_003216_.tmp.dll
c:\windows\system32\_003217_.tmp.dll
c:\windows\system32\_003219_.tmp.dll
c:\windows\system32\_003222_.tmp.dll
c:\windows\system32\_003224_.tmp.dll
c:\windows\system32\_003225_.tmp.dll
c:\windows\system32\_003226_.tmp.dll
c:\windows\system32\_003227_.tmp.dll
c:\windows\system32\_003230_.tmp.dll
c:\windows\system32\_003231_.tmp.dll
c:\windows\system32\_003232_.tmp.dll
c:\windows\system32\_003233_.tmp.dll
c:\windows\system32\_003234_.tmp.dll
c:\windows\system32\_003239_.tmp.dll
c:\windows\system32\_003240_.tmp.dll
c:\windows\system32\_003241_.tmp.dll
c:\windows\system32\etawigom.ini
c:\windows\system32\tijamuse.dll
c:\windows\system32\torazusa.dll
c:\windows\system32\vanozoyo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 12:16 . 2008-11-16 12:16 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 12:16 . 2008-11-16 12:16 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- c:\program files\Vstplugins
2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-15 00:43 . 2008-11-15 00:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 00:43 . 2008-11-15 00:43 <DIR> d-------- c:\documents and settings\Ken & Caroline\Application Data\Malwarebytes
2008-11-15 00:43 . 2008-11-15 00:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-15 00:43 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 00:43 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 00:29 . 2008-11-15 00:29 <DIR> d-------- C:\_OTMoveIt
2008-11-14 10:30 . 2008-11-14 10:30 <DIR> d-------- c:\program files\Sonic Foundry
2008-11-14 09:41 . 2008-11-14 09:42 <DIR> d-------- C:\rsit
2008-11-12 13:42 . 2008-11-12 13:42 <DIR> d-------- c:\documents and settings\Ken & Caroline\Application Data\Sony
2008-11-12 13:42 . 2008-11-12 13:42 <DIR> d-------- c:\documents and settings\Ken & Caroline\Application Data\Publish Providers
2008-11-12 13:37 . 2008-11-15 09:28 <DIR> d-------- c:\program files\Sony
2008-11-12 13:31 . 2008-11-12 13:31 <DIR> d-------- c:\program files\Sony Setup
2008-11-12 13:31 . 2008-11-12 13:33 <DIR> d-------- c:\documents and settings\Ken & Caroline\Application Data\Sony Setup
2008-11-12 10:11 . 2008-11-12 10:11 250 --a------ c:\windows\gmer.ini
2008-11-10 22:29 . 2008-11-10 22:32 51,355 --a------ c:\windows\system32\muzika.xm
2008-11-02 14:11 . 2008-11-02 14:11 <DIR> d-------- c:\program files\CDex_150
2008-10-31 23:06 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-10-31 23:06 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-10-31 23:06 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-31 07:46 . 2008-10-31 07:46 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-18 11:03 . 2004-08-04 05:00 71,040 --------- c:\windows\system32\drivers\_003138_.tmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 13:46 81,984 ----a-w c:\windows\system32\bdod.bin
2008-11-16 12:16 --------- d-----w c:\program files\Java
2008-11-12 14:19 --------- d-----w c:\program files\PeerGuardian2
2008-11-12 14:19 --------- d-----w c:\documents and settings\Ken & Caroline\Application Data\Azureus
2008-11-01 03:00 --------- d-----w c:\program files\Microsoft Works
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-05 12:55 --------- d-----w c:\program files\iTunes
2008-10-05 12:55 --------- d-----w c:\program files\iPod
2008-10-05 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 12:49 --------- d-----w c:\program files\QuickTime
2008-10-05 12:49 --------- d-----w c:\program files\Common Files\Apple
2008-10-05 12:49 --------- d-----w c:\program files\Bonjour
2008-10-04 16:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-03 23:00 --------- d-----w c:\program files\Webshots
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-08-29 09:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2007-03-07 09:41 0 -c--a-w c:\documents and settings\Ken & Caroline\Application Data\wklnhst.dat
2006-12-28 15:23 88 --sh--r c:\windows\system32\62C30CEB89.sys
2006-12-28 15:23 4,076 -csha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\32788R22FWJFW ----

c:\32788r22fwjfw\

((((((((((((((((((((((((((((( snapshot@2008-06-27_16.55.18.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB938464\update\updspapi.dll
+ 2008-05-02 13:30:08 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:49 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3GDR\msgsc.dll
+ 2008-05-02 13:42:10 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-07-07 20

43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 18:39:39 683,520 ----a-w c:\windows\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-11 23:22:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w c:\windows\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 -c--a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-01 15:04:00 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP2QFE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP3GDR\msadce.dll
+ 2008-05-01 14:38:05 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:01:38 124,928 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\advpack.dll
+ 2008-06-23 16:01:38 347,136 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:01:39 214,528 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\dxtrans.dll
+ 2008-06-23 16:01:39 132,608 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\extmgr.dll
+ 2008-06-23 16:01:39 63,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\icardie.dll
+ 2008-06-23 08:23:18 70,656 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ie4uinit.exe
+ 2008-06-23 16:01:39 153,088 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieakeng.dll
+ 2008-06-23 16:01:39 230,400 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieaksie.dll
+ 2008-06-21 05:23:53 161,792 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c--a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dat
+ 2008-06-23 16:01:40 383,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dll
+ 2008-06-23 16:01:40 388,608 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iedkcs32.dll
+ 2008-06-23 16:01:43 6,068,736 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieframe.dll
+ 2008-06-23 16:01:43 44,544 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iernonce.dll
+ 2008-06-23 16:01:44 267,776 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iertutil.dll
+ 2008-06-23 08:23:18 13,824 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieudinit.exe
+ 2008-06-23 08:23:52 625,664 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
+ 2008-06-23 16:01:46 27,648 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\jsproxy.dll
+ 2008-06-23 16:01:46 459,264 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msfeeds.dll
+ 2008-06-23 16:01:46 52,224 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msfeedsbs.dll
+ 2008-06-23 16:01:49 3,594,240 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
+ 2008-06-23 16:01:49 477,696 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtmled.dll
+ 2008-06-23 16:01:49 193,024 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msrating.dll
+ 2008-06-23 16:01:50 671,232 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mstime.dll
+ 2008-06-23 16:01:50 102,912 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\occache.dll
+ 2008-06-23 16:01:50 44,544 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\pngfilt.dll
+ 2008-06-23 16:01:50 105,984 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\url.dll
+ 2008-06-23 16:01:51 1,162,752 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\urlmon.dll
+ 2008-06-23 16:01:51 233,472 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\webcheck.dll
+ 2008-06-23 16:01:51 827,904 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 -c--a-w c:\windows\$hf_mig$\KB953838-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c--a-w c:\windows\$hf_mig$\KB953838-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 -c--a-w c:\windows\$hf_mig$\KB953838-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 -c--a-w c:\windows\$hf_mig$\KB953838-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB953838-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB953839\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2008-10-15 16:53:28 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2004-08-04 01

34 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB946648$\spuninst\updspapi.dll
+ 2005-07-26 04:39:45 243,200 -c----w c:\windows\$NtUninstallKB950974$\es.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2007-08-21 06:15:44 683,520 -c----w c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951066$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\updspapi.dll
+ 2007-11-13 11:31:11 60,416 -c----w c:\windows\$NtUninstallKB951072-v2$\tzchange.exe
+ 2004-08-04 05:00:00 138,496 -c----w c:\windows\$NtUninstallKB951748$\afd.sys
+ 2008-02-20 05:32:43 148,992 -c----w c:\windows\$NtUninstallKB951748$\dnsapi.dll
+ 2004-08-04 05:00:00 245,248 -c----w c:\windows\$NtUninstallKB951748$\mswsock.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB951748$\spuninst\updspapi.dll
+ 2007-10-30 17:20:55 360,064 -c----w c:\windows\$NtUninstallKB951748$\tcpip.sys
+ 2006-08-16 09:37:30 225,664 -c----w c:\windows\$NtUninstallKB951748$\tcpip6.sys
+ 2004-08-04 05:00:00 331,776 -c----w c:\windows\$NtUninstallKB952287$\msadce.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB952287$\spuninst\updspapi.dll
+ 2005-06-29 01:46:00 74,240 -c----w c:\windows\$NtUninstallKB952954$\mscms.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB952954$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB953839$\spuninst\updspapi.dll
+ 2007-07-27 09:41:48 231,288 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe
+ 2007-07-27 09:41:48 382,840 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll
+ 2006-10-18 21:47:20 295,936 -c----w c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll
+ 2006-08-17 12:28:27 332,288 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
+ 2008-11-01 03:02:05 91,488 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-11-01 03:02:05 103,776 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
- 2006-12-22 12:14:22 64,088 -c--a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-11-01 03:01:36 66,936 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2006-12-22 12:14:21 223,800 -c--a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-11-01 03:01:32 226,656 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-11-12 13:35:13 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-11-12 13:35:17 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-11-12 13:35:17 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-11-12 13:35:18 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-11-12 13:35:16 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-11-12 13:35:12 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-11-12 13:35:12 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-11-12 13:35:21 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-11-12 13:35:14 5,025,792 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-11-12 13:35:13 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-11-12 13:35:11 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-11-12 13:35:12 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-11-12 13:35:16 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-11-12 13:35:17 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-11-12 13:35:17 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-11-12 13:35:13 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-11-12 13:35:13 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-11-12 13:35:13 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-11-12 13:35:13 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-11-12 13:35:12 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-11-12 13:35:22 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-11-12 13:35:22 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-11-12 13:35:10 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-11-12 13:35:22 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-11-12 13:35:23 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-11-12 13:35:11 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-11-12 13:35:11 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-11-12 13:35:11 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-11-12 13:35:20 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-11-12 13:35:14 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-11-12 13:35:20 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-11-12 13:35:18 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-11-12 13:35:12 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-11-12 13:35:16 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-11-12 13:35:14 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-11-12 13:35:14 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-11-12 13:35:14 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-11-12 13:35:21 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-11-12 13:35:19 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-11-12 13:35:21 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-11-12 13:35:19 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-11-12 13:35:19 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-11-12 13:35:13 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-11-12 13:35:14 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-11-12 13:35:22 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-11-12 13:35:15 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-11-12 13:35:15 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-11-12 13:35:15 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-11-12 13:35:15 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-11-12 13:35:20 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-11-12 13:49:03 26,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\cb5d10f49c64e443a0bf5d40e78b4a51\Accessibility.ni.dll
+ 2008-11-12 13:49:03 860,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\38cc471912962849b456c0e28bb94fb8\AspNetMMCExt.ni.dll
+ 2008-11-12 13:49:04 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9b66740b2f12f049abde61c2f5719fc6\CustomMarshalers.ni.dll
+ 2008-11-12 13:49:04 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a7a0b93a407e54419e5771862017f3cc\dfsvc.ni.exe
+ 2008-11-12 13:49:05 880,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\b6dd168e7c1d1b4d91e570055a228734\Microsoft.Build.Engine.ni.dll
+ 2008-11-12 13:49:06 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\49d676c971871347b63de4ae1375d49a\Microsoft.Build.Framework.ni.dll
+ 2008-11-12 13:49:07 1,691,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\af0aeedd5ea5df44a71ef9ce1082c266\Microsoft.Build.Tasks.ni.dll
+ 2008-11-12 13:49:08 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f6f4d04dbe35c54c9c0b764ed183d634\Microsoft.Build.Utilities.ni.dll
+ 2008-11-12 13:49:09 1,724,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9755b99865f7534e956fdb2e82076af0\Microsoft.VisualBasic.ni.dll
+ 2008-11-12 13:35:37 11,411,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\4d798ea6a98db54e85a107dacb501e0f\mscorlib.ni.dll
+ 2008-11-12 13:49:10 962,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a1968b327502be458ea39716bb94377f\System.Configuration.ni.dll
+ 2008-11-12 13:36:18 6,688,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ef6944dded45fd429e89f91a35a63731\System.Data.ni.dll
+ 2008-11-12 13:49:11 1,712,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\85eaca56845ac04299751eda72ff808c\System.Deployment.ni.dll
+ 2008-11-12 13:36:30 10,723,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5999386cdaf00d4d8f881c52aa3e600f\System.Design.ni.dll
+ 2008-11-12 13:49:14 512,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\481f274ab633984a9a67ae646fb942bc\System.DirectoryServices.Protocols.ni.dll
+ 2008-11-12 13:49:13 1,220,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c59bfd3754803849957dcf142d894220\System.DirectoryServices.ni.dll
+ 2008-11-12 13:35:52 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\3da04a42627c34429bd61b569e276723\System.Drawing.Design.ni.dll
+ 2008-11-12 13:35:56 1,626,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b3fad328009c4d4b8a34a4a30a6e0858\System.Drawing.ni.dll
+ 2008-11-12 13:49:15 659,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f3e136f695d4184bb55eb8ae2c51d8e6\System.EnterpriseServices.ni.dll
+ 2008-11-12 13:49:15 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f3e136f695d4184bb55eb8ae2c51d8e6\System.EnterpriseServices.Wrapper.dll
+ 2008-11-12 13:49:16 729,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\042e86e8df35f14aab8555eb492f7f24\System.Security.ni.dll
+ 2008-11-12 13:49:17 684,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a38a0a52a4ef0d4c82b52916bc48aa99\System.Transactions.ni.dll
+ 2008-11-12 13:49:30 2,310,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\7b9bdc73f5f83b4d98fdf35ede7a5fc2\System.Web.Mobile.ni.dll
+ 2008-11-12 13:49:30 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\2831c17c6cbcdc46a472687accc4da8c\System.Web.RegularExpressions.ni.dll
+ 2008-11-12 13:49:33 1,945,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\daee1e447658dd41908217cfab116b77\System.Web.Services.ni.dll
+ 2008-11-12 13:49:27 11,808,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\88778cbe386e654383021ba03d17abaa\System.Web.ni.dll
+ 2008-11-12 13:36:06 13,107,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a6d545636db81645b8abbf86e858afb8\System.Windows.Forms.ni.dll
+ 2008-11-12 13:36:11 5,640,192 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5807f7930b864fbe78ce37dc4bb10c\System.Xml.ni.dll
+ 2008-11-12 13:35:51 8,093,696 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\d9552489f907c34cb9004553718d3f6a\System.ni.dll
- 2007-02-28 09:53:04 2,137,600 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 09:15:56 2,059,392 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 20:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-20 20:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2008-11-12 10:11:22 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 21:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-04-23 04:16:28 124,928 -c----w c:\windows\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w c:\windows\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w c:\windows\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w c:\windows\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w c:\windows\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w c:\windows\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w c:\windows\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w c:\windows\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w c:\windows\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w c:\windows\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w c:\windows\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w c:\windows\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w c:\windows\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w c:\windows\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w c:\windows\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w c:\windows\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w c:\windows\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w c:\windows\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-23 21:16:30 3,591,680 -c----w c:\windows\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w c:\windows\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w c:\windows\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w c:\windows\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w c:\windows\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w c:\windows\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w c:\windows\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w c:\windows\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w c:\windows\ie7updates\KB953838-IE7\wininet.dll
+ 2008-06-23 16:57:27 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 09:57:40 3,592,192 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2006-06-05 01:20:12 1,712,128 ----a-r c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20954_gdiplus.dll
+ 2006-06-05 01:20:22 225,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20963_wkssole.dll
+ 2006-06-05 01:20:22 2,023,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F22194_wksssdb.dll
+ 2003-07-15 03:13:58 166,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ACCWIZ.DLL
+ 2003-07-14 22:43:20 87,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2003-07-14 22:57:34 38,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-14 22:53:06 94,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 03:14:28 350,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 03:18:12 47,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-25 18:57:20 75,832 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-14 22:56:54 14,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-14 22:57:14 98,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-14 22:52:54 39,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DWDCW20.DLL
+ 2003-07-14 22:53:18 34,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DWTRIG20.EXE
+ 2003-07-31 15:19:52 131,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-08-13 02:34:38 10,073,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2003-07-14 22:41:44 13,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-08-03 10:56:16 1,146,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2003-07-23 23:01:40 1,949,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-07-14 23:36:14 186,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-14 22:40:12 179,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-14 22:40:12 165,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-25 19:00:16 1,157,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-25 19:14:50 799,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-14 23:11:42 2,139,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-14 22:57:44 87,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-14 22:53:50 161,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-07-23 22:32:32 121,400 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-08-01 15:07:36 4,815,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INFOPATH.EXE
+ 2003-07-14 22:45:14 58,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
+ 2003-06-18 17:31:44 758,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-06-18 17:31:10 252,928 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-18 17:31:48 17,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-06-18 17:31:48 18,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-18 17:31:46 35,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 17:31:34 443,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-07-14 22:46:08 176,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-08-15 00:54:08 6,627,392 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSACCESS.EXE
+ 2003-07-15 03:13:58 130,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSAEXP30.DLL
+ 2003-07-14 22:58:04 230,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2002-12-17 19:08:50 359,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2002-12-17 19:08:54 1,383,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-14 22:51:44 87,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 03:14:00 139,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSJSPP40.DLL
+ 2002-04-09 20:14:36 187,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2003-07-14 22:52:52 17,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-08-08 00:23:16 12,172,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-07-14 22:57:16 120,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 03:14:18 106,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-23 22:35:26 127,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-14 22:52:52 27,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-14 22:44:06 25,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-14 22:52:56 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2002-12-17 19:09:24 2,071,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2003-07-11 02:15:48 1,292,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 03:18:52 376,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 22:52:54 28,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-14 22:52:52 35,896 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-14 22:53:20 39,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-14 22:46:16 42,040 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-14 22:45:12 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-14 22:45:12 39,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-18 17:31:24 1,033,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-06-18 17:31:50 16,384 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-28 12:24:40 5,677,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPUB.EXE
+ 2003-06-19 16:05:50 364,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-14 22:52:58 41,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-14 23:02:14 627,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-14 22:56:24 124,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-23 22:40:00 482,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-14 23:00:54 145,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-14 22:57:10 56,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-14 22:56:52 13,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2006-12-22 12:14:21 223,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 03:14:26 283,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-15 03:14:26 828,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 03:14:26 27,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 03:14:26 242,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-14 23:05:24 1,054,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-14 22:41:56 24,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-14 22:44:34 102,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-07 13:36:00 2,058,343 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-08 11:48:00 115,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-08-09 23

42 7,522,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-14 22:44:32 88,128 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-14 22:45:18 196,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-14 22:43:48 139,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-14 22:43:18 64,056 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-14 22:43:16 49,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-08-04 13:19:34 7,330,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
+ 2003-08-01 15:09:04 8,086,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-07-30 12:40:40 6,133,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-07-15 03:18:54 430,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 03:18:44 93,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-31 15:21:08 1,782,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-14 22:40:26 130,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PRTF9.DLL
+ 2003-07-14 22:51:12 604,728 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PTXT9.DLL
+ 2003-07-14 22:50:26 551,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBCONV.DLL
+ 2003-07-14 22:40:16 51,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-07-14 22:42:26 37,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-05-08 21:54:00 77,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-14 22:57:08 40,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-14 22:43:30 74,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-07-21 11:46:38 390,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-14 22:44:16 66,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-14 22:57:08 58,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-14 22:53:14 11,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-08-06 13:26:18 445,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SOA.DLL
+ 2003-08-03 10:52:32 2,808,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-14 23:00:22 99,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-03 15:19:36 2,502,656 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2006-12-22 12:14:22 64,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-08-06 13:24:20 12,037,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2008-09-13 10:57:07 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
- 2006-12-14 23:29:51 65,536 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
+ 2008-11-01 03:00:35 65,536 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
- 2006-12-14 23:29:51 65,536 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
+ 2008-11-01 03:00:35 65,536 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
- 2006-12-14 23:29:51 184,320 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
+ 2008-11-01 03:00:35 184,320 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
- 2006-12-14 23:29:51 65,536 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
+ 2008-11-01 03:00:35 65,536 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
- 2006-12-14 23:29:51 17,534 -c--a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
+ 2008-11-01 03:00:35 17,534 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
- 2006-12-14 23:29:51 4,710 -c--a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
+ 2008-11-01 03:00:35 4,710 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
- 2006-12-14 23:29:51 4,710 -c--a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
+ 2008-11-01 03:00:35 4,710 ----a-r c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
+ 2008-10-05 12:49:41 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
- 2008-03-23 12:42:16 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-01 03:02:42 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-23 12:42:16 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-01 03:02:42 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-23 12:42:16 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-01 03:02:42 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-23 12:42:16 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-01 03:02:41 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-23 12:42:16 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-01 03:02:42 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-23 12:42:17 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-01 03:02:42 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-23 12:42:17 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-01 03:02:42 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-23 12:42:17 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-01 03:02:42 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-23 12:42:16 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-01 03:02:41 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-23 12:42:16 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-01 03:02:41 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-23 12:42:17 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-01 03:02:42 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-23 12:42:16 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-01 03:02:41 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-23 12:42:16 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-01 03:02:41 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-10-05 12:57:10 102,400 ----a-r c:\windows\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
- 2003-02-20 19:09:46 57,344 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-09-23 07:28:52 72,704 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2003-02-20 19:09:32 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 07:28:52 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 07:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 07:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 07:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2003-02-20 18:43:50 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 07:28:52 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 07:28:36 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 07:28:42 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2005-09-23 07:28:44 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 07:29:04 183,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 07:28:28 208,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 07:28:56 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 07:28:58 138,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 07:28:36 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 07:28:58 55,488 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 07:28:32 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 07:28:32 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 07:28:32 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 07:28:32 23,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 07:28:32 70,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 07:28:32 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 07:28:32 26,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 07:28:32 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 07:28:32 29,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 07:28:32 29,888 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 07:28:32 503,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 07:28:56 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 07:28:56 88,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 07:28:42 76,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 07:28:42 1,144,832 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2005-09-23 07:28:42 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 07:28:58 17,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 07:28:56 68,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 07:28:44 31,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 07:28:38 52,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 07:28:38 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 07:29:12 547,840 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 07:28:56 788,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 07:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 07:28:56 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 07:28:56 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 07:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 07:28:56 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 07:28:56 224,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 07:28:56 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 07:28:56 55,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 07:28:56 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 07:28:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 07:01:16 609,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 06:29:48 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 06:32:24 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 06:34:10 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 06:34:12 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 06:34:44 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 06:36:24 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 03:46:14 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 06:38:26 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 06:38:52 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 06:40:30 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 06:40:32 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 06:40:56 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 06:42:58 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 06:44:58 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 06:46:38 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 06:46:38 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 06:46:40 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 06:47:04 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 06:47:30 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 06:47:32 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 06:47:32 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 06:30:18 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 06:47:06 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 06:29:50 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 06:36:48 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 07:57:06 245,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 07:28:48 413,696 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 07:28:48 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 07:28:48 647,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 07:28:48 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 07:28:48 745,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 07:29:10 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 07:29:10 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 07:29:08 667,648 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 07:28:30 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 07:29:10 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 07:28:30 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 07:28:30 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 07:28:30 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 07:28:32 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 07:28:48 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 07:28:56 800,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 07:28:56 73,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 07:28:56 288,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 07:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 07:28:56 326,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 07:28:56 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 07:28:56 4,308,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 07:28:56 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 07:29:00 330,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 07:28:56 67,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 07:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 07:28:56 226,816 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 07:28:56 66,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 07:28:56 10,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 07:28:50 5,615,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 07:29:00 22,528 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 07:28:56 96,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 07:28:56 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 07:28:56 78,336 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 07:28:50 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 07:28:56 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 07:28:56 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 07:29:02 59,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 07:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 07:28:56 107,520 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 07:29:00 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 07:28:56 377,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 07:28:56 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 07:28:58 389,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 07:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 07:28:56 2,878,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 07:28:56 482,304 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 07:28:56 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 07:28:38 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 07:28:56 5,050,368 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 07:28:56 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 07:28:56 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 07:28:56 3,018,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 07:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 07:28:56 700,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 07:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 07:28:56 47,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 07:28:56 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 07:28:56 368,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 07:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 07:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 07:28:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 07:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 07:28:56 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 07:28:56 260,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 07:28:56 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 07:28:56 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 07:28:56 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 07:28:56 823,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 07:28:56 5,316,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 07:28:56 2,035,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 07:28:56 71,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 07:29:06 1,140,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 07:28:30 1,306,624 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 07:28:32 298,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 07:28:56 28,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

KennyLegend · 11-17-2008, 12:41 PM

2nd half:

- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 08:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 08:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 07:00:00 212,480 ----a-w c:\windows\swxcacls.exe
- 2008-04-23 04:16:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2006-09-28 20:52:18 655,360 ----a-w c:\windows\system32\CDDBControl.dll
+ 2006-09-28 20:52:18 98,304 ----a-w c:\windows\system32\CddbLangDE.dll
+ 2006-09-28 20:52:18 98,304 ----a-w c:\windows\system32\CddbLangES.dll
+ 2006-09-28 20:52:18 98,304 ----a-w c:\windows\system32\CddbLangFR.dll
+ 2006-09-28 20:52:18 102,400 ----a-w c:\windows\system32\CddbLangIT.dll
+ 2006-09-28 20:52:18 77,824 ----a-w c:\windows\system32\CddbLangJA.dll
+ 2006-09-28 20:52:18 98,304 ----a-w c:\windows\system32\CddbLangNL.dll
+ 2006-09-28 20:52:18 765,952 ----a-w c:\windows\system32\CDDBUI.dll
- 2007-07-30 18:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-07-18 21:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2005-09-23 07:28:38 83,456 ----a-w c:\windows\system32\dfshim.dll
- 2008-04-23 04:16:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
+ 2004-08-04 05:00:00 352,256 ----a-w c:\windows\system32\dllcache\atmuni.sys
+ 2004-08-04 05:00:00 42,577 ----a-w c:\windows\system32\dllcache\bckgzm.exe
+ 2004-08-04 05:00:00 152,576 ----a-w c:\windows\system32\dllcache\bnts.dll
+ 2004-08-04 05:00:00 21,504 ----a-w c:\windows\system32\dllcache\brpinfo.dll
+ 2004-08-04 05:00:00 12,288 ----a-w c:\windows\system32\dllcache\cb32.exe
- 2007-07-30 18:19:20 92,504 ----a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-07-18 21:10:48 94,920 ----a-w c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 05:00:00 11,776 ----a-w c:\windows\system32\dllcache\cpqdap01.sys
- 2006-11-07 21:03:36 33,792 ----a-w c:\windows\system32\dllcache\custsat.dll
+ 2004-08-04 05:00:00 28,672 ----a-w c:\windows\system32\dllcache\custsat.dll
- 2008-02-20 05:32:43 148,992 ------w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-04 05:00:00 120,320 ----a-w c:\windows\system32\dllcache\dsprov.dll
- 2008-04-23 04:16:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\dllcache\es.dll
- 2008-04-23 04:16:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 05:00:00 6,144 ----a-w c:\windows\system32\dllcache\fsconins.dll
+ 2004-08-04 05:00:00 12,160 ----a-w c:\windows\system32\dllcache\fsvga.sys
+ 2004-08-04 05:00:00 53,248 ----a-w c:\windows\system32\dllcache\fwdprov.dll
+ 2004-08-04 05:00:00 108,544 ----a-w c:\windows\system32\dllcache\guitrn_a.dll
+ 2004-08-04 05:00:00 99,840 ----a-w c:\windows\system32\dllcache\helphost.exe
+ 2004-08-04 05:00:00 87,552 ----a-w c:\windows\system32\dllcache\hhctrlui.dll
+ 2004-08-04 05:00:00 362,496 ----a-w c:\windows\system32\dllcache\home_ss.dll
+ 2004-08-04 05:00:00 13,312 ----a-w c:\windows\system32\dllcache\htrn_jis.dll
- 2008-04-23 04:16:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2004-08-04 05:00:00 73,728 ----a-w c:\windows\system32\dllcache\icwtutor.exe
- 2008-04-23 04:16:28 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-04-23 04:16:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2007-08-21 06:15:44 683,520 ------w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 05:00:00 7,680 ----a-w c:\windows\system32\dllcache\mcd.sys
+ 2004-08-04 05:00:00 28,160 ----a-w c:\windows\system32\dllcache\mciwave.drv
+ 2004-08-04 05:00:00 362,496 ----a-w c:\windows\system32\dllcache\metal_ss.dll
+ 2004-08-04 05:00:00 192,512 ----a-w c:\windows\system32\dllcache\migism_a.dll
+ 2004-08-04 05:00:00 786,432 ----a-w c:\windows\system32\dllcache\migrate.exe
+ 2004-08-04 05:00:00 236,032 ----a-w c:\windows\system32\dllcache\migwiz_a.exe
+ 2008-05-01 14:30:33 331,776 ------w c:\windows\system32\dllcache\msadce.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\dllcache\mscms.dll
- 2008-04-23 04:16:28 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-23 04:16:28 478,208 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 05:00:00 23,552 ----a-w c:\windows\system32\dllcache\mssoapr.dll
- 2008-04-23 04:16:28 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 05:00:00 35,328 ----a-w c:\windows\system32\dllcache\notiflag.exe
- 2007-02-28 09:53:04 2,137,600 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 09:15:56 2,059,392 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 ------w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 ------w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2004-08-04 05:00:00 63,232 ----a-w c:\windows\system32\dllcache\nwlnknb.sys
- 2008-04-23 04:16:28 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 05:00:00 82,944 ----a-w c:\windows\system32\dllcache\olecli.dll
+ 2004-08-04 05:00:00 24,064 ----a-w c:\windows\system32\dllcache\olesvr.dll
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 05:00:00 5,888 ----a-w c:\windows\system32\dllcache\rootmdm.sys
+ 2004-08-04 05:00:00 36,864 ----a-w c:\windows\system32\dllcache\sapisvr.exe
+ 2004-08-04 05:00:00 188,416 ----a-w c:\windows\system32\dllcache\script_a.dll
- 2006-06-26 17:51:29 985,088 -c----w c:\windows\system32\dllcache\setupapi.dll
+ 2006-06-26 17:51:28 985,088 ----a-w c:\windows\system32\dllcache\setupapi.dll
+ 2004-08-04 05:00:00 14,592 ----a-w c:\windows\system32\dllcache\smclib.sys
+ 2004-08-04 05:00:00 40,960 ----a-w c:\windows\system32\dllcache\smtpcons.dll
+ 2004-08-04 05:00:00 77,824 ----a-w c:\windows\system32\dllcache\spcommon.dll
+ 2004-08-04 05:00:00 61,440 ----a-w c:\windows\system32\dllcache\spcplui.dll
+ 2004-08-04 05:00:00 774,144 ----a-w c:\windows\system32\dllcache\spttseng.dll
+ 2004-08-04 05:00:00 47,104 ----a-w c:\windows\system32\dllcache\srdiag.exe
+ 2004-08-04 05:00:00 155,648 ----a-w c:\windows\system32\dllcache\sysmod_a.dll
+ 2004-08-04 05:00:00 15,360 ----a-w c:\windows\system32\dllcache\taskman.exe
- 2007-10-30 17:20:55 360,064 ------w c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-04 05:00:00 4,048 ----a-w c:\windows\system32\dllcache\timer.drv
+ 2004-08-04 05:00:00 61,952 ----a-w c:\windows\system32\dllcache\tmplprov.dll
+ 2004-08-04 05:00:00 51,712 ----a-w c:\windows\system32\dllcache\tosdvd.sys
+ 2004-08-04 05:00:00 40,960 ----a-w c:\windows\system32\dllcache\trialoc.dll
+ 2004-08-04 05:00:00 59,904 ----a-w c:\windows\system32\dllcache\trnsprov.dll
+ 2004-08-04 05:00:00 25,600 ----a-w c:\windows\system32\dllcache\twunk_32.exe
+ 2004-08-04 05:00:00 16,896 ----a-w c:\windows\system32\dllcache\unsecapp.exe
+ 2004-08-04 05:00:00 116,224 ----a-w c:\windows\system32\dllcache\updprov.dll
- 2008-04-23 04:16:28 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 05:00:00 58,112 ----a-w c:\windows\system32\dllcache\vdmindvd.sys
+ 2004-08-04 05:00:00 18,944 ----a-w c:\windows\system32\dllcache\vmmreg32.dll
+ 2004-08-04 05:00:00 12,288 ----a-w c:\windows\system32\dllcache\wb32.exe
+ 2004-08-04 05:00:00 12,288 ----a-w c:\windows\system32\dllcache\wbemads.dll
- 2008-04-23 04:16:29 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 05:00:00 13,312 ----a-w c:\windows\system32\dllcache\winmgmt.exe
+ 2004-08-04 05:00:00 16,384 ----a-w c:\windows\system32\dllcache\winmgmtr.dll
+ 2004-08-04 05:00:00 25,088 ----a-w c:\windows\system32\dllcache\wisc10.dll
+ 2004-08-04 05:00:00 61,440 ----a-w c:\windows\system32\dllcache\wmimsg.dll
+ 2004-08-04 05:00:00 75,264 ----a-w c:\windows\system32\dllcache\wmipicmp.dll
+ 2004-08-04 05:00:00 52,224 ----a-w c:\windows\system32\dllcache\wmitimep.dll
- 2007-07-30 18:19:36 549,720 ----a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-07-18 21:09:44 563,912 ----a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 18:19:16 53,080 ----a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-07-18 21:10:42 53,448 ----a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 18:19:42 1,712,984 ----a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-07-18 21:09:42 1,811,656 ----a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-30 18:19:32 325,976 ----a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-07-18 21:09:46 325,832 ----a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-30 18:18:40 33,624 ----a-w c:\windows\system32\dllcache\wups.dll
+ 2008-07-18 21:10:20 36,552 ----a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-30 18:19:28 203,096 ----a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-07-18 21:09:44 205,000 ----a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-02-20 05:32:43 148,992 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll
+ 2004-08-04 05:00:00 71,040 ------w c:\windows\system32\drivers\_003118_.tmp.dll
+ 2004-08-04 05:00:00 71,040 ------w c:\windows\system32\drivers\_003128_.tmp.dll
+ 2004-08-04 05:00:00 71,040 ------w c:\windows\system32\drivers\_003138_.tmp.dll
- 2004-08-04 05:00:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2007-06-04 14:14:56 6,272 ----a-w c:\windows\system32\drivers\AWRTPD.sys
+ 2008-04-29 11:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
- 2007-09-17 13:00:21 8,320 ----a-w c:\windows\system32\drivers\AWRTRD.sys
+ 2008-04-29 11:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
- 2008-02-13 17:41:18 85,520 ----a-w c:\windows\system32\drivers\bdfndisf.sys
+ 2008-07-02 16:16:42 86,792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
- 2008-01-29 11:01:28 16,168 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 12:12:54 15,464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-11-12 10:11:22 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2007-09-17 13:00:21 9,344 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2008-04-29 11:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys

- 2007-10-30 17:20:55 360,064 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-04-17 12:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 12:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-10-01 12:01:28 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2008-04-23 04:16:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2008-04-23 04:16:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2003-08-03 10:56:16 1,146,184 -c--a-w c:\windows\system32\FM20.DLL
+ 2007-06-06 10:53:34 1,195,888 ----a-w c:\windows\system32\FM20.DLL
- 2003-07-14 22:57:04 32,584 -c--a-w c:\windows\system32\FM20ENU.DLL
+ 2007-03-22 19:17:04 35,440 ----a-w c:\windows\system32\FM20ENU.DLL
- 2008-04-10 02:11:03 224,024 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-15 09:07:29 1,512,312 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-01-29 11:02:30 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 12:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
- 2008-04-23 04:16:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2007-09-24 22:30:28 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-11-16 12:16:14 144,792 ----a-w c:\windows\system32\java.exe
- 2007-09-24 22:30:30 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-16 12:16:14 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-09-24 23:31:42 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-16 12:16:14 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-04-23 04:16:28 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2008-01-14 20:25:26 12,632 ----a-w c:\windows\system32\lsdelete.exe
+ 2008-05-16 11:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
+ 2003-09-04 14:14:28 94,208 ----a-w c:\windows\system32\Macromed\Flash\GetFlash.exe
- 2007-11-21 00:52:38 2,884,992 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-21 00:52:40 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-02-19 14:04:19 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-08-01 23:58:34 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2003-06-18 17:31:48 17,920 ----a-w c:\windows\system32\mdimon.dll
+ 2007-04-09 13:23:54 28,040 ----a-w c:\windows\system32\mdimon.dll
- 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
- 2004-07-14 23:34:06 16,896 ----a-w c:\windows\system32\mscorier.dll
+ 2005-09-23 07:28:52 150,016 ----a-w c:\windows\system32\mscorier.dll
- 2003-02-20 19:09:14 106,496 ----a-w c:\windows\system32\mscories.dll
+ 2005-09-23 07:28:52 74,240 ----a-w c:\windows\system32\mscories.dll
- 2008-04-23 04:16:28 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-04-23 21:16:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
- 2004-08-04 05:00:00 1,392,671 ----a-w c:\windows\system32\msvbvm60.dll
+ 2004-02-23 21:42:40 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
- 2004-08-04 05:00:00 245,248 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll
+ 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32(3).dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 09:15:59 2,017,280 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:53:04 2,137,600 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-04-23 04:16:28 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-03-31 21:14:02 54,280 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-12 13:36:33 63,860 ----a-w c:\windows\system32\perfc009.dat
- 2008-03-31 21:14:02 384,596 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-12 13:36:33 405,310 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2004-08-12 17:45:54 137,728 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\hdaudbus.sys
+ 2004-08-04 05:00:00 36,096 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\intelppm.sys
+ 2004-08-04 05:00:00 36,096 ----a-w c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\intelppm.sys
- 2008-01-31 06:15:02 2,503,080 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-10-27 10:43:50 2,294,172 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-07-18 21:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 21:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-04-14 00:12:36 7,680 ----a-w c:\windows\system32\spdwnwxp.exe
- 2007-11-30 11:18:51 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-08-10 20:46:18 17,272 ------w c:\windows\system32\spmsg.dll
- 2003-06-18 17:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 13:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2003-06-18 17:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 13:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
- 2003-06-18 17:31:44 758,784 -c--a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 13:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
- 2003-06-18 17:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 13:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
- 2003-06-18 17:31:48 18,944 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 13:23:54 28,552 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
- 2006-10-08 20:51:14 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-08-10 20:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 1996-01-12 18:00:00 24,576 ----a-w c:\windows\system32\STKIT432.DLL
- 2007-11-13 11:31:11 60,416 ----a-w c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-18 21:47:20 295,936 ----a-w c:\windows\system32\wmpeffects.dll
+ 2008-06-24 17:12:58 295,936 ----a-w c:\windows\system32\wmpeffects.dll
- 2007-07-30 18:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-07-18 21:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-30 18:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-07-18 21:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-30 18:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-07-18 21:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-30 18:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-07-18 21:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-30 18:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-07-18 21:10:20 36,552 ----a-w c:\windows\system32\wups.dll
- 2007-07-30 18:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-07-18 21:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
- 2007-07-30 18:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-07-18 21:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-11-16 13:47:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_190.dat
+ 2004-03-29 15:23:44 90,112 ----a-w c:\windows\unvise32.exe
- 2007-01-19 20:15:24 74,802 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2008-04-14 00:12:50 74,802 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2007-01-19 20:15:24 995,383 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2008-04-14 00:12:50 995,383 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
- 2007-01-19 20:15:24 1,011,774 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2008-04-14 00:12:50 1,011,774 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
- 2007-01-19 20:15:24 401,462 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2008-04-14 00:12:50 401,462 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2006-06-05 13:14:28 479,232 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 13:14:28 548,864 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14:28 626,688 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2008-04-14 00:12:51 1,054,208 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
- 2004-08-04 05:00:00 853,504 -c--a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
+ 2008-04-14 00:12:49 853,504 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
- 2004-08-04 05:00:00 991,232 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
+ 2008-04-14 00:12:50 991,232 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
- 2004-08-04 05:00:00 132,096 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
+ 2008-04-13 18:26:33 132,096 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
+ 2008-11-12 13:35:12 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-11-12 13:35:12 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-08 7630848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-12-26 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Ken & Caroline\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2007-02-04 192512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-14 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Common Files\\BitDefender\\BitDefender Update Service\\livesrv.exe"=

R2 Basics Service;Basics Service;c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792]
S3 NAL;Nal Service ;c:\windows\system32\Drivers\iqvw32.sys [2006-06-05 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
HKLM-Run-RegistryMechanic - (no file)
Notify-dimsntfy - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 13:47:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-11-16 13:57:16 - machine was rebooted [Ken & Caroline]
ComboFix-quarantined-files.txt 2008-11-16 13:56:44

Pre-Run: 41,332,326,400 bytes free
Post-Run: 41,192,722,432 bytes free

1279 --- E O F --- 2008-11-01 10:43:10

**TheBruce1** · 11-17-2008, 02:01 PM

Hello again Kenny

I thought you meant you could not upload the file to Bleeping Computer.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKUS\S-1-5-19\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'NETWORK SERVICE')

Please remember to close all other windows, including browsers then click Fix checked.

========

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

SkipFix::
Folder::
c:\windows\system32\muzika.xm
C:\32788R22FWJFW
File::
c:\windows\system32\drivers\_003138_.tmp.dll

Save this as CFscript

Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

==========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

This animation will guide you through the process:

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

===========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

===========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report
Hijackthis Log

KennyLegend · 11-17-2008, 05:14 PM

Bruce ive gotten as far as updating Kapersky and the update keeps failing with "Error..invalid file signature". I have my AV disabled.

**TheBruce1** · 11-18-2008, 04:13 AM

Hi,

I you are still having problems with Kaspersky scan, do this instead:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

Once the short scan has finished, we need to change the default settings.
In the Menu Bar, Go to Options>Change Settings.
Click on the Actions tab
Using the drop down menus, change each item under Objects and Malware to Report
Next, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'No to All' if it asks if you want to cure/move the file.
After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Post the contents of the log from Dr.Web you saved previously in your next reply.

Along with the Combofix.txt and Hijackthis log.

KennyLegend · 11-19-2008, 11:13 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:58, on 19/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ken & Caroline\Desktop\launch.exe
C:\DOCUME~1\KEN&CA~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\KEN&CA~1\LOCALS~1\Temp\RarSFX0\setup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PC Apps 3\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/learnmore/...ue&lcode=en-us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8301 bytes

ComboFix 08-11-12.02 - Ken & Caroline 2008-11-18 0:00:41.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1407 [GMT 0:00]
Running from: c:\documents and settings\Ken & Caroline\Desktop\Troubleshooting Tools\Kenny.exe
Command switches used :: c:\documents and settings\Ken & Caroline\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active

.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\windows\system32\drivers\_003138_.tmp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\_003138_.tmp.dll
c:\windows\system32\muzika.xm\

.
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-16 17:25 . 2008-11-16 17:25 <DIR> d-------- c:\program files\Vstplugins
2008-11-16 17:25 . 2008-11-16 17:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-16 12:16 . 2008-11-16 12:16 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 12:16 . 2008-11-16 12:16 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-15 00:43 . 2008-11-15 00:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 00:43 . 2008-11-15 00:43 <DIR> d-------- c:\documents and settings\Ken & Caroline\Application Data\Malwarebytes
2008-11-15 00:43 . 2008-11-15 00:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-15 00:43 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 00:43 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 00:29 . 2008-11-15 00:29 <DIR> d-------- C:\_OTMoveIt
2008-11-14 10:30 . 2008-11-14 10:30 <DIR> d-------- c:\program files\Sonic Foundry
2008-11-14 09:41 . 2008-11-14 09:42 <DIR> d-------- C:\rsit
2008-11-12 13:42 . 2008-11-12 13:42 <DIR> d-------- c:\documents and settings\Ken & Caroline\Application Data\Sony
2008-11-12 13:42 . 2008-11-12 13:42 <DIR> d-------- c:\documents and settings\Ken & Caroline\Application Data\Publish Providers
2008-11-12 13:37 . 2008-11-16 17:25 <DIR> d-------- c:\program files\Sony
2008-11-12 13:31 . 2008-11-12 13:31 <DIR> d-------- c:\program files\Sony Setup
2008-11-12 13:31 . 2008-11-12 13:33 <DIR> d-------- c:\documents and settings\Ken & Caroline\Application Data\Sony Setup
2008-11-12 10:11 . 2008-11-12 10:11 250 --a------ c:\windows\gmer.ini
2008-11-10 22:29 . 2008-11-10 22:32 51,355 --a------ c:\windows\system32\muzika.xm
2008-11-02 14:11 . 2008-11-02 14:11 <DIR> d-------- c:\program files\CDex_150
2008-10-31 23:06 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-10-31 23:06 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-10-31 23:06 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-31 07:46 . 2008-10-31 07:46 <DIR> d-------- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 00:00 81,984 ----a-w c:\windows\system32\bdod.bin
2008-11-16 19:58 --------- d-----w c:\documents and settings\Ken & Caroline\Application Data\Azureus
2008-11-16 16:51 --------- d-----w c:\program files\PeerGuardian2
2008-11-16 12:16 --------- d-----w c:\program files\Java
2008-11-01 03:00 --------- d-----w c:\program files\Microsoft Works
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-05 12:55 --------- d-----w c:\program files\iTunes
2008-10-05 12:55 --------- d-----w c:\program files\iPod
2008-10-05 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 12:49 --------- d-----w c:\program files\QuickTime
2008-10-05 12:49 --------- d-----w c:\program files\Common Files\Apple
2008-10-05 12:49 --------- d-----w c:\program files\Bonjour
2008-10-04 16:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-03 23:00 --------- d-----w c:\program files\Webshots
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-08-29 09:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2007-03-07 09:41 0 -c--a-w c:\documents and settings\Ken & Caroline\Application Data\wklnhst.dat
2006-12-28 15:23 88 --sh--r c:\windows\system32\62C30CEB89.sys
2006-12-28 15:23 4,076 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-11-16_13.56.09.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-22 19:07:56 91,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-22 19:07:54 80,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 13:53:52 137,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 13:41:06 10,352,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 14:09:30 167,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 13:53:52 127,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 13:54:04 183,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-06-18 17:16:32 12,259,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-10 13:35:04 6,747,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2007-05-31 13:43:46 7,613,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 13:53:44 106,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 13:42:14 200,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 13:53:56 149,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 13:53:24 69,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-05-31 13:35:22 6,420,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-31 13:35:46 133,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-05-31 13:36:08 612,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-10 13:34:48 562,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-03-22 19:07:10 41,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 19:07:54 78,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 19:22:02 103,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-09 17:19:48 2,585,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 13:37:40 12,310,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
- 2008-11-01 03:02:42 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-16 13:58:49 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-11-01 03:02:42 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-16 13:58:49 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-01 03:02:42 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-16 13:58:49 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-11-01 03:02:41 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-16 13:58:49 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-01 03:02:42 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-16 13:58:49 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-01 03:02:42 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-16 13:58:49 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-01 03:02:42 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-16 13:58:49 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-01 03:02:42 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-16 13:58:49 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-01 03:02:41 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-16 13:58:49 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-01 03:02:41 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-16 13:58:49 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-11-01 03:02:42 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-16 13:58:49 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-01 03:02:41 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-16 13:58:49 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-01 03:02:41 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-16 13:58:49 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-08-10 20:46:18 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-16 20:00:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c4.dat
+ 2008-11-16 20:00:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-08 7630848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-12-26 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Ken & Caroline\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2007-02-04 192512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-14 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Common Files\\BitDefender\\BitDefender Update Service\\livesrv.exe"=

R2 Basics Service;Basics Service;c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792]
S3 NAL;Nal Service ;c:\windows\system32\Drivers\iqvw32.sys [2006-06-05 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - 7FA41B1D
*Newly Created Service* - EFDE7B1A
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 00:00:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-11-18 0:05:16
ComboFix-quarantined-files.txt 2008-11-18 00:05:12
ComboFix2.txt 2008-11-16 13:57:20

Pre-Run: 40,906,969,088 bytes free
Post-Run: 40,885,297,152 bytes free

213 --- E O F --- 2008-11-16 13:58:52

Kenny.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\Ken & Caroline\Desktop\Troubleshooting Tools\Kenny.exe;Probably BATCH.Virus;;
Kenny.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Ken & Caroline\Desktop\Troubleshooting Tools\Kenny.exe;Program.PsExec.171;;
Kenny.exe;C:\Documents and Settings\Ken & Caroline\Desktop\Troubleshooting Tools;Archive contains infected objects;;
Process.exe;C:\Documents and Settings\Ken & Caroline\Desktop\Troubleshooting Tools\SDFix\apps;Tool.Prockill;;
Azureus_2.3.0.4_Win32.setup.exe\data005;C:\PC Apps 2\Azureus_2.3.0.4_Win32.setup.exe;Adware.Webdir;;
Azureus_2.3.0.4_Win32.setup.exe;C:\PC Apps 2;Archive contains infected objects;;
A0072436.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP739\A0072436.exe;Probably BATCH.Virus;;
A0072436.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP739\A0072436.exe;Program.PsExec.171;;
A0072436.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP739;Archive contains infected objects;;
A0072753.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP743;Probably BATCH.Virus;;
A0072811.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP744;Probably BATCH.Virus;;
A0073618.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP752;Probably BATCH.Virus;;
A0073778.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP753;Program.PsExec.170;;
A0074211.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP757;Probably BATCH.Virus;;
mogiwate.dll;C:\_OTMoveIt\MovedFiles\11152008_002916\WINDOWS\system32;Trojan.Siggen.568;;

**TheBruce1** · 11-19-2008, 03:15 PM

Hi Kenny

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

SkipFix::
File::
C:\PC Apps 2\Azureus_2.3.0.4_Win32.setup.exe
C:\DOCUME~1\KEN&CA~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\KEN&CA~1\LOCALS~1\Temp\RarSFX0\setup.exe

Save this as CFscript

Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

========

If there are no further issues, continue below.

========

Delete RSIT/OTMoveIt3 and Dr.Web Cureit from your desktop, delete these folders as well c\:rsit and C:\_OTMoveIt. Uninstall Hijackthis via add/remove, you can keep Malwarebytes' Anti-Malware if you wish.

========

Well done, your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok.

=========

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.

Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1.Click Start,Run, type sysdm.cpl, and then press OK.
2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended).

Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages:

* Content category
* Phishing scam detection
* Site reputation
* Page reputation

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.
Note:Only compatible with Firefox 1.5 and higher.

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes ' Anti-Malware

SpywareBlaster to help prevent spyware from installing in the first place.

Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

------------------------------------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If your having trouble downloading & extracting,see link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the host file,double click on it and a new window will open.

Double-click on mvps.batand follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Also, please take a look at this well written article:

PC Safety and Security--What Do I Need?

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.

KennyLegend · 11-19-2008, 04:17 PM

The Dr webcureit logs showed up some infections...how come i was NOT to click on "cure" for these ?

I'll do that combofix instruction tomoro..thanks.

**TheBruce1** · 11-20-2008, 06:14 AM

Quote:

Originally Posted by KennyLegend

The Dr webcureit logs showed up some infections...how come i was NOT to click on "cure" for these ?

Some of what Dr.Web Cureit found belong to tools we are currently using, such as:

Quote:

Kenny.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\Ken & Caroline\Desktop\Troubleshooting Tools\Kenny.exe(Combofix);Probably BATCH.Virus;;
Kenny.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Ken & Caroline\Desktop\Troubleshooting Tools\Kenny.exe;Program.PsExec.171;;
Kenny.exe;C:\Documents and Settings\Ken & Caroline\Desktop\Troubleshooting Tools;Archive contains infected objects;;
Process.exe;C:\Documents and Settings\Ken & Caroline\Desktop\Troubleshooting Tools\SDFix\apps;Tool.Prockill;;

You can also delete this folder:

C:\Documents and Settings\Ken & Caroline\Desktop\Troubleshooting Tools\SDFix

Before uninstalling Combofix, please rename Kenny.exe back to Combofix.exe.

KennyLegend · 11-22-2008, 04:58 AM

Thanks Bruce for all your help. You've been a Godsend.

My PC is running spot on now again !!

**TheBruce1** · 11-23-2008, 03:57 AM

You`re welcome, surf safely

11-15-2008, 02:15 AM	#21 (permalink)
KennyLegend Registered User Join Date: Nov 2008 Posts: 30 OS: xp SP2	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 Malwarebytes' Anti-Malware 1.30 Database version: 1399 Windows 5.1.2600 Service Pack 2 15/11/2008 09:04:17 mbam-log-2008-11-15 (09-04-17).txt Scan type: Full Scan (C:\\|D:\\|) Objects scanned: 157503 Time elapsed: 1 hour(s), 54 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 12 Registry Values Infected: 4 Registry Data Items Infected: 2 Folders Infected: 13 Files Infected: 275 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\WINDOWS\system32\lafegana.dll (Trojan.BHO) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm876c1fbe (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rizozoribo (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\lafegana.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\lafegana.dll -> Delete on reboot. Folders Infected: C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\gobewowi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iwowebog.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. c:\WINDOWS\system32\lafegana.dll (Trojan.BHO) -> Delete on reboot. C:\WINDOWS\system32\lutirada.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\noginaru.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\riyoyiga.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\valokiga.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vatutawi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hurikupu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nafugizu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pifotamo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\podezowu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\porasusa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kajopezi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bosetiga.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvutiva.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yejimoya.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yorojopa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\_OTMoveIt\MovedFiles\11152008_002916\WINDOWS\system32\dagitufa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\_OTMoveIt\MovedFiles\11152008_002916\WINDOWS\system32\leborivo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\_OTMoveIt\MovedFiles\11152008_002916\WINDOWS\system32\vomotuzi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\_OTMoveIt\MovedFiles\11152008_002916\WINDOWS\system32\yekugebe.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Ken & Caroline\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\BM876c1fbe.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. The system was then rebooted and here is the RSIT log: Logfile of random's system information tool 1.04 (written by random/random) Run by Ken & Caroline at 2008-11-15 09:12:10 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 40 GB (27%) free of 149 GB Total RAM: 2046 MB (74% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:12:17, on 15/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Webshots\WebshotsTray.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Ken & Caroline\Desktop\RSIT.exe C:\PC Apps 3\Hijackthis\Ken & Caroline.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/learnmore/...ue&lcode=en-us R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {33107fe9-e799-49ce-a747-8d04d428adec} - C:\WINDOWS\system32\leborivo.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\dagitufa.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 8833 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33107fe9-e799-49ce-a747-8d04d428adec}] C:\WINDOWS\system32\leborivo.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-03-04 86016] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-08 7630848] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920] "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800] "Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600] "NWEReboot"= [] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376] "basicsmssmenu"=C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [2007-10-09 169328] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-15 368640] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-12-26 61440] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576] "RegistryMechanic"= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe C:\Documents and Settings\Ken & Caroline\Start Menu\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\WINDOWS\system32\dagitufa.dll " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\WINDOWS\system32\dagitufa.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe::Enabled:Explorer" "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe::Enabled:logonui" "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe::Enabled:winlogon" "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe"="C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe::Enabled:livesrv" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" ======File associations====== .js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2008-11-15 00:43:16 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Malwarebytes 2008-11-15 00:43:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-15 00:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-15 00:29:16 ----D---- C:\_OTMoveIt 2008-11-14 18:13:51 ----A---- C:\Bug.txt 2008-11-14 18:13:49 ----A---- C:\WINDOWS\system32\cmd.execf 2008-11-14 18:13:40 ----D---- C:\32788R22FWJFW 2008-11-14 18:12:04 ----D---- C:\WINDOWS\Prefetch 2008-11-14 10:30:11 ----D---- C:\Program Files\Sonic Foundry 2008-11-14 09:41:46 ----D---- C:\rsit 2008-11-12 13:42:27 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Publish Providers 2008-11-12 13:42:08 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Sony 2008-11-12 13:37:27 ----D---- C:\Program Files\Vstplugins 2008-11-12 13:37:24 ----D---- C:\Documents and Settings\All Users\Application Data\Sony 2008-11-12 13:37:11 ----D---- C:\Program Files\Sony 2008-11-12 13:31:48 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Sony Setup 2008-11-12 13:31:25 ----D---- C:\Program Files\Sony Setup 2008-11-12 10:17:59 ----SH---- C:\WINDOWS\system32\etawigom.ini 2008-11-12 10:11:25 ----A---- C:\WINDOWS\gmer.ini 2008-11-12 10:11:22 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2008-11-12 10:11:22 ----A---- C:\WINDOWS\gmer.dll 2008-11-12 10:11:21 ----A---- C:\WINDOWS\gmer.exe 2008-11-10 22:29:25 ----A---- C:\WINDOWS\system32\STKIT432.DLL 2008-11-10 22:29:21 ----D---- C:\Program Files\Registry Mechanic 2008-11-02 14:11:21 ----D---- C:\Program Files\CDex_150 2008-11-01 10:01:38 ----A---- C:\WINDOWS\system32\xpsp2res.dll 2008-11-01 10:01:38 ----A---- C:\WINDOWS\system32\qmgr.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntvdm.exe 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntprint.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntlsapi.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ntdll.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\nslookup.exe 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\msv1_0.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\msgsvc.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\mgmtapi.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\lsasrv.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\locator.exe 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\localspl.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\lmhsvc.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\kernel32.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\imagehlp.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\ftp.exe 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\format.com 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\csrsrv.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\comdlg32.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\comctl32.dll 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\cmd.exe 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\cacls.exe 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\autoconv.exe 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\autochk.exe 2008-11-01 10:01:06 ----A---- C:\WINDOWS\system32\advapi32.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\srvsvc.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\smss.exe 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\setupapi.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\sessmgr.exe 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\services.exe 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\schannel.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\scardsvr.exe 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\savedump.exe 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\samsrv.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\samlib.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rshx32.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rastapi.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasman.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasdlg.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasauto.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\rasapi32.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\printui.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\perfctrs.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\olecnv32.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\oleaut32.dll 2008-11-01 10:01:05 ----A---- C:\WINDOWS\system32\nwprovau.dll 2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\wkssvc.dll 2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\win32spl.dll 2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\userinit.exe 2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\untfs.dll 2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\ulib.dll 2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\tcpmonui.dll 2008-11-01 10:01:04 ----A---- C:\WINDOWS\system32\syssetup.dll 2008-11-01 10:01:02 ----A---- C:\WINDOWS\system32\ntoskrnl.exe 2008-11-01 10:01:02 ----A---- C:\WINDOWS\system32\hal.dll 2008-11-01 10:01:01 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe 2008-10-31 2336 ----A---- C:\WINDOWS\system32\muweb.dll 2008-10-31 2336 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2008-10-31 2336 ----A---- C:\WINDOWS\system32\mucltui.dll 2008-10-31 07:46:56 ----D---- C:\Program Files\Microsoft Silverlight 2008-10-24 02:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-18 11:03:50 ----N---- C:\WINDOWS\system32\_003240_.tmp.dll 2008-10-16 02:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-16 02:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-16 02:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-16 02:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-16 02:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ ======List of files/folders modified in the last 1 months====== 2008-11-15 09:09:38 ----D---- C:\Program Files\Mozilla Firefox 2008-11-15 09:09:30 ----D---- C:\WINDOWS\system32 2008-11-15 09:08:00 ----D---- C:\WINDOWS\Temp 2008-11-15 09:07:41 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt 2008-11-15 09:07:11 ----D---- C:\WINDOWS\system32\drivers 2008-11-15 09:07:11 ----D---- C:\WINDOWS 2008-11-15 0925 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-15 0910 ----A---- C:\WINDOWS\bdagent.INI 2008-11-15 09:04:16 ----SD---- C:\WINDOWS\Tasks 2008-11-15 00:43:07 ----RD---- C:\Program Files 2008-11-15 00:36:29 ----D---- C:\WINDOWS\security 2008-11-15 00:00:25 ----A---- C:\WINDOWS\webshots.ini 2008-11-14 21:54:16 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-14 18:10:51 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-14 10:52:49 ----D---- C:\Most Wanted 2008-11-14 09:49:45 ----D---- C:\Aftershok 2008-11-12 14:19:27 ----D---- C:\Documents and Settings\Ken & Caroline\Application Data\Azureus 2008-11-12 14:19:26 ----D---- C:\Program Files\PeerGuardian2 2008-11-12 13:49:33 ----RSD---- C:\WINDOWS\assembly 2008-11-12 13:49:33 ----D---- C:\WINDOWS\Microsoft.NET 2008-11-12 13:37:42 ----SHD---- C:\WINDOWS\Installer 2008-11-12 13:36:33 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-12 13:35:12 ----D---- C:\WINDOWS\WinSxS 2008-11-12 13:34:56 ----HD---- C:\WINDOWS\inf 2008-11-12 13:34:51 ----D---- C:\Program Files\Internet Explorer 2008-11-12 11:55:17 ----D---- C:\PC Apps 3 2008-11-11 22:17:57 ----N---- C:\WINDOWS\system32\tijamuse.dll 2008-11-11 10:17:44 ----N---- C:\WINDOWS\system32\torazusa.dll 2008-11-10 22:17:31 ----N---- C:\WINDOWS\system32\vanozoyo.dll 2008-11-09 12:48:48 ----SHD---- C:\System Volume Information 2008-11-09 12:48:48 ----D---- C:\WINDOWS\system32\Restore 2008-11-07 16:50:12 ----D---- C:\dvd covers 2008-11-01 23:03:06 ----D---- C:\WINDOWS\system32\CatRoot_bak 2008-11-01 23:03:06 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-01 22:53:51 ----D---- C:\WINDOWS\system32\wbem 2008-11-01 22:53:51 ----D---- C:\WINDOWS\system32\Setup 2008-11-01 22:53:51 ----D---- C:\WINDOWS\AppPatch 2008-11-01 22:53:49 ----RSD---- C:\WINDOWS\Fonts 2008-11-01 10:41:22 ----D---- C:\WINDOWS\system32\dllcache 2008-11-01 10:41:19 ----D---- C:\Program Files\Messenger 2008-11-01 10:41:16 ----D---- C:\WINDOWS\system32\usmt 2008-11-01 10:41:14 ----D---- C:\WINDOWS\system32\oobe 2008-11-01 10:41:13 ----D---- C:\WINDOWS\system32\npp 2008-11-01 10:41:06 ----D---- C:\WINDOWS\system32\Com 2008-11-01 10:40:12 ----D---- C:\WINDOWS\system 2008-11-01 10:40:11 ----D---- C:\WINDOWS\srchasst 2008-11-01 10:40:11 ----D---- C:\WINDOWS\PeerNet 2008-11-01 10:40:10 ----D---- C:\WINDOWS\network diagnostic 2008-11-01 10:40:09 ----D---- C:\WINDOWS\msagent 2008-11-01 10:40:05 ----D---- C:\WINDOWS\ime 2008-11-01 10:40:05 ----D---- C:\WINDOWS\Help 2008-11-01 10:40:00 ----D---- C:\Program Files\Windows NT 2008-11-01 10:40:00 ----D---- C:\Program Files\Windows Media Player 2008-11-01 10:40:00 ----D---- C:\Program Files\Outlook Express 2008-11-01 10:39:59 ----D---- C:\Program Files\NetMeeting 2008-11-01 10:39:58 ----D---- C:\Program Files\Movie Maker 2008-11-01 10:39:54 ----D---- C:\Program Files\Common Files\System 2008-11-01 10:39:38 ----D---- C:\WINDOWS\system32\scripting 2008-11-01 10:39:38 ----D---- C:\WINDOWS\system32\en-US 2008-11-01 10:39:38 ----D---- C:\WINDOWS\system32\en 2008-11-01 10:39:36 ----D---- C:\WINDOWS\system32\bits 2008-11-01 10:38:23 ----D---- C:\WINDOWS\l2schemas 2008-11-01 10:01:59 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-11-01 09:58:48 ----D---- C:\WINDOWS\EHome 2008-11-01 03:02:11 ----A---- C:\WINDOWS\win.ini 2008-11-01 03:01:31 ----D---- C:\Program Files\Common Files\Microsoft Shared 2008-11-01 03:00:33 ----D---- C:\Program Files\Microsoft Works 2008-10-31 07:33:03 ----D---- C:\WINDOWS\SoftwareDistribution 2008-10-30 03:01:05 ----A---- C:\WINDOWS\imsins.BAK 2008-10-27 10:43:49 ----D---- C:\WINDOWS\system32\config 2008-10-27 10:43:29 ----D---- C:\WINDOWS\Registration 2008-10-24 02:00:29 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-17 02:01:01 ----D---- C:\WINDOWS\ie7updates ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792] R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 [] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [] R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [] R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-08 3958272] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [] S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-12 85969] S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328] S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-09-06 30336] S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008] S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2004-08-03 95360] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240] S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-04 611664] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040] R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-01-30 917504] R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-07-02 1155072] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-08 155715] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-11 1261568] R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-12-26 86016] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872] R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-12-26 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-03 654848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-03-05 68096] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] -----------------EOF-----------------

11-16-2008, 07:08 AM	#23 (permalink)
KennyLegend Registered User Join Date: Nov 2008 Posts: 30 OS: xp SP2	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:00:40, on 16/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Webshots\WebshotsTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PC Apps 3\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/learnmore/...ue&lcode=en-us R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [rizozoribo] Rundll32.exe "C:\WINDOWS\system32\yekugebe.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 8556 bytes

11-16-2008, 07:09 AM	#24 (permalink)
KennyLegend Registered User Join Date: Nov 2008 Posts: 30 OS: xp SP2	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 the Forum wont accept my combofix log cause its too long

11-16-2008, 07:46 AM	#25 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 Do you mean it is too big, make sure your firewall is not blocking the file from being uploaded, if you can remember where the file is located. It can be found at this location: C:\QooBox\Quarantine\[4]-Submit_2008-11-16@xx.xx.zip Upload to this website: http://www.bleepingcomputer.com/subm....php?channel=4 Include this link into your submission: http://www.techsupportforum.com/security-center/hijackthis-log-help/310076-infected-trojan-adclicker-hb-trojan-generic-826214-a.html Let me know if you were successful/unsuccessful. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating

11-16-2008, 09:55 AM	#26 (permalink)
KennyLegend Registered User Join Date: Nov 2008 Posts: 30 OS: xp SP2	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 The file was uploaded sucessfully Bruce.

11-17-2008, 05:14 PM	#31 (permalink)
KennyLegend Registered User Join Date: Nov 2008 Posts: 30 OS: xp SP2	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 Bruce ive gotten as far as updating Kapersky and the update keeps failing with "Error..invalid file signature". I have my AV disabled.

11-18-2008, 04:13 AM	#32 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 Hi, I you are still having problems with Kaspersky scan, do this instead: Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, we need to change the default settings. In the Menu Bar, Go to Options>Change Settings. Click on the Actions tab Using the drop down menus, change each item under Objects and Malware to Report Next, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'No to All' if it asks if you want to cure/move the file. After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Post the contents of the log from Dr.Web you saved previously in your next reply. Along with the Combofix.txt and Hijackthis log. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating

11-19-2008, 04:17 PM	#35 (permalink)
KennyLegend Registered User Join Date: Nov 2008 Posts: 30 OS: xp SP2	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 The Dr webcureit logs showed up some infections...how come i was NOT to click on "cure" for these ? I'll do that combofix instruction tomoro..thanks.

11-22-2008, 04:58 AM	#37 (permalink)
KennyLegend Registered User Join Date: Nov 2008 Posts: 30 OS: xp SP2	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 Thanks Bruce for all your help. You've been a Godsend. My PC is running spot on now again !!

11-23-2008, 03:57 AM	#38 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: Infected with Trojan.Adclicker.HB & trojan generic 826214 You`re welcome, surf safely __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating