Computer thinks I have less room than I do?

Ohme123 · 07-03-2009, 09:53 PM

So, I wasn't sure exactly where to put this because I'm not sure if it's really a Spyware issue (though it probably is, heh), but my computer thinks that it has barely any room left. :/ Currently, my C Drive status is:

Preload (C:)

File System: NTFS
Free Space: 4.16 GB
Total Size: 142 GB

Now, I have a lot of music I've put onto my computer, so I wasn't terribly surprised at first, but then I downloaded a program called TreeSize Free (which basically sorts all of the files / folders in your C Drive by size, giving you the total size of your C Drive). TreeSize Free says my C Drive is 59,911.6 MB, which, if I've calculated correctly, is 58 GB. Now, I don't really know the logistics of TreeSize (it might not count hidden files, also it told me access to "System Volume Information" and "RPbackups" was denied), but 58 GB isn't even half of my total space. It's a pretty large discrepancy and I'm fairly certain somethings up, especially because a few days ago I cleaned out a TON of my unused programs / music / etc. All of a sudden all this space was taken up again in the span of a few days.

Here are my logs. Sorry, but gmer.exe crashed everytime I used it around half way through, and I tried like 3 times. So I gave up on that. If there's another program that does the same thing as Gmer.exe does I'll happily use it.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Ben at 23:32:36.25 on Fri 07/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.65 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\JAM Software\TreeSize Free\TreeSizeFree.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Ben\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ACGina psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ben\applic~1\mozilla\firefox\profiles\x75drwsn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {891ADDCD-BE3E-4B98-8F2B-7817B8025EFF} - c:\documents and settings\ben\local settings\application data\{891addcd-be3e-4b98-8f2b-7817b8025eff}\

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-3-23 11520]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-5-10 11608]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-3-23 4224]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-14 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 72944]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-3-23 4442]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-5-10 68865]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-18 24652]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 7408]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S3 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-5-10 151297]
S3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-5-10 52056]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]

=============== Created Last 30 ================

2009-07-02 03:35 <DIR> --d----- c:\program files\Audio Identifier
2009-06-30 02:20 <DIR> a-d----- c:\docume~1\ben\applic~1\EurekaLog
2009-06-30 02:07 <DIR> a-d----- c:\docume~1\ben\applic~1\JAM Software
2009-06-30 02:07 <DIR> --d----- c:\program files\JAM Software
2009-06-18 03:28 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-06-18 03:27 <DIR> a-d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2009-06-18 03:27 <DIR> --d----- c:\program files\AIM Toolbar
2009-06-18 03:27 <DIR> --d----- c:\program files\Viewpoint
2009-06-17 13:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-17 13:31 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-17 04:11 648,070 -------- c:\documents and settings\ben\EMPTIES.BAT

==================== Find3M ====================

2009-05-23 23:23 61,440 -------- c:\windows\system32\drivers\ohxswl.sys
2009-05-23 23:18 61,440 -------- c:\windows\system32\drivers\goshskie.sys
2009-05-23 12:21 61,440 -------- c:\windows\system32\drivers\jnwqbaam.sys
2009-05-07 11:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-03 00:02 862,688 -------- c:\windows\system32\rn.tmp
2009-04-29 00:56 827,392 -------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-25 00:13 47,616 ---sh--- c:\windows\system32\koyahune.exe
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 -------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-11 20:08 62,976 ---sh--- c:\windows\system32\wipusonu.exe
2008-09-29 15:20 32 -----r-- c:\documents and settings\all users\hash.dat
2008-03-23 06:18 32,768 -c-sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-05-10 01:30 32,768 -c-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050920080510\index.dat

============= FINISH: 23:33:12.54 ===============

Ohme123 · 07-06-2009, 06:39 PM

Bump.

Ried · 07-06-2009, 06:59 PM

Hello Ohme123,

Are you also experiencing redirects in Google searches with Firefox? I see signs of infection that would point to such occurrences.

Please try this Rootkit scanner...

Download RootRepeal

Extract RootRepeal.exe from the zip archive.
Open on your desktop.
Click the tab.
Click the button.
Check all six boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Ohme123 · 07-08-2009, 08:42 PM

Here you go!

Also, I just checked my iTunes, and it says I have roughly 35 GB of music (give or take probably 10 GB because there is some stuff on my harddrive but not my iTunes). And while I do have other programs on my computer, I still find it incredibly hard to believe it's anywhere near 100 GBs worth of them. The largest program on my computer is my Microsoft Office Suite which is only 551 MB.

As for the redirecting, I've had that issue in the past but not recently...I got it all worked out here I believe.

Ried · 07-08-2009, 11:56 PM

Quote:

As for the redirecting, I've had that issue in the past but not recently...I got it all worked out here I believe.

No, you didn't.

Download GooredFix and save it to your desktop.

Double-click Goored.exe to run it.

Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply
Note: Do not run Option #2 yet.

Ohme123 · 07-09-2009, 02:32 AM

Didn't really see any options, it just said run 'Yes' or 'No'. Anyway, here you go!

GooredFix by jpshortstuff (03.07.09)
Log created at 04:30 on 09/07/2009 (Ben)
Firefox version 3.0.11 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF} -> Success!
Deleting C:\Documents and Settings\Ben\Local Settings\Application Data\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF}\ -> Backup error [1026]

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:50 24/06/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

Ried · 07-09-2009, 07:21 AM

Your FF was hijacked, but has now been cleared by GooredFix. It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.

Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Ohme123 · 07-09-2009, 09:01 PM

Here you are.

Also, I'm going camping from the 10th - 13th so I won't be responding then. :3

Ried · 07-09-2009, 09:22 PM

How long ago did you use ComboFix?

Ohme123 · 07-09-2009, 10:54 PM

It's been a while. Probably well over a month now. 2 or 3.

Ried · 07-09-2009, 11:38 PM

Based on the Kaspersky results, I think it best for me to review the log it produced at that time.

Click Start>Run and copy/paste the following bolded text into the Run box and click OK:

C:\ComboFix.txt

A report should pop open for you. Please post the contents in your next reply.

Ohme123 · 07-09-2009, 11:46 PM

ComboFix 09-05-18.02 - Ben 05/18/2009 22:13.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.535 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\ld08.exe
c:\windows\sysguard.exe
c:\windows\system32\790151
c:\windows\system32\790151\790151.dll
c:\windows\system32\amujivey.ini
c:\windows\system32\bujaroki.dll
c:\windows\system32\gehimolo.dll.tmp
c:\windows\system32\nepumuwi.dll.tmp
c:\windows\system32\ratepiye.dll
c:\windows\system32\SYS32DLL.exe
c:\windows\system32\tibizoru.dll
c:\windows\system32\tuliyepi.dll.tmp
c:\windows\system32\yevijuma.dll
c:\windows\system32\yeyeviba.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-19 01:54 . 2009-05-19 01:58 -------- d-sh--w C:\RECYCLER(2)
2009-05-19 01:46 . 2009-05-19 01:58 -------- d-----w C:\ComboFix(2)
2009-05-19 01:26 . 2009-05-19 01:58 -------- d-----w c:\documents and settings\All Users\Application Data\10455004
2009-05-14 08:56 . 2009-05-14 08:57 -------- d-----w C:\4d97f4995753674a536060f722ac
2009-05-12 07:01 . 2009-05-12 07:01 -------- d-----w c:\windows\system32\KB905474
2009-05-12 07:01 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-12 07:01 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-25 05:36 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-25 05:36 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-25 05:36 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-25 05:36 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-25 05:36 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-25 05:36 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-25 05:36 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-25 05:36 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-25 05:36 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-25 05:36 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-25 05:34 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-25 05:34 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 04:02 . 2009-05-03 04:02 862688 ----a-w c:\windows\system32\rn.tmp
2009-04-25 04:13 . 2009-01-25 04:13 47616 --sha-w c:\windows\system32\koyahune.exe
2009-04-14 02:37 . 2009-03-12 14:40 -------- d-----w c:\program files\DivX
2009-04-14 02:34 . 2008-03-23 10:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 00:08 . 2009-01-12 00:08 62976 --sha-w c:\windows\system32\wipusonu.exe
2009-04-06 05:59 . 2009-04-06 05:59 -------- d-----w c:\program files\CleanUp!
2009-03-25 20:53 . 2008-06-25 01:32 -------- d-----w c:\program files\EphPod
2009-03-22 02:58 . 2009-03-22 02:58 -------- d-----w c:\program files\7-Zip
2009-03-06 14:22 . 2006-04-30 06:55 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-04-30 06:56 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-04-30 06:55 78336 ------w c:\windows\system32\ieencode.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ------w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ------w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-12 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-10 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-10 1626112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-23 50688]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ------w c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Ben\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\DLA\\DLACTRLW.EXE"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [10/16/2007 9:33 PM 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 9:32 PM 19504]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [3/23/2008 6:07 AM 4442]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 8:50 PM 30312]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 1:10 AM 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 4:11 PM 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 6:59 PM 30336]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-19 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-03-23 16:22]

2009-05-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\x75drwsn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 22:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1572)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll

- - - - - - - > 'lsass.exe'(1628)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll

- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\nview.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\nvwddi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Last.fm\LastFM.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-05-19 22:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 02:26
ComboFix2.txt 2009-03-13 04:21
ComboFix3.txt 2009-03-09 23:10
ComboFix4.txt 2009-03-09 22:45
ComboFix5.txt 2009-04-25 05:20

Pre-Run: 697,958,400 bytes free
Post-Run: 696,066,048 bytes free

262 --- E O F --- 2009-05-15 07:01

Ried · 07-10-2009, 12:05 AM

Whomever previously helped you did not complete the malware removal job.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:

File::
c:\windows\system32\rn.tmp
c:\windows\system32\koyahune.exe
c:\windows\system32\wipusonu.exe

Firefox::
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************

Refering to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post that log for me along with an update on reported hdd space by your program TreeSizeFree

Ohme123 · 07-10-2009, 12:59 AM

Here you go. Right clicked on my C Drive and it says I only have 2.89 GB of space with a total size of 142 GB. TreeSize Free is telling me my C Drive has 61,419 MB (59 GB?) worth of files. Perhaps there's another program you know that gives you an accurate report on the size of your C Drive? I find this all extremely hard to believe considering I vividly remembering have 17 GB just a few weeks ago, and even finding that incredibly odd.
- - -

ComboFix 09-07-09.07 - Ben 07/10/2009 2:42.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.662 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\koyahune.exe"
"c:\windows\system32\rn.tmp"
"c:\windows\system32\wipusonu.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ben\Application Data\EurekaLog
c:\documents and settings\Ben\Application Data\wiaserva.log
c:\documents and settings\Ben\Local Settings\Application Data\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF}
c:\documents and settings\Ben\Local Settings\Application Data\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF}\chrome.manifest
c:\documents and settings\Ben\Local Settings\Application Data\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF}\chrome\content\_cfg.js
c:\documents and settings\Ben\Local Settings\Application Data\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF}\chrome\content\c.js
c:\documents and settings\Ben\Local Settings\Application Data\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF}\chrome\content\overlay.xul
c:\documents and settings\Ben\Local Settings\Application Data\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF}\install.rdf
c:\program files\websrvx
c:\program files\websrvx\websrvx.exe
c:\windows\Installer\9d288.msp
c:\windows\sonce123148.dat
c:\windows\system32\Drivers\goshskie.sys
c:\windows\system32\Drivers\jnwqbaam.sys
c:\windows\system32\Drivers\ohxswl.sys
c:\windows\system32\koyahune.exe
c:\windows\system32\rn.tmp
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\wipusonu.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-04 02:13 . 2009-07-04 02:13 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-02 07:35 . 2009-07-04 06:07 -------- d-----w- c:\program files\Audio Identifier
2009-06-30 06:07 . 2009-06-30 06:07 -------- d---a-w- c:\documents and settings\Ben\Application Data\JAM Software
2009-06-30 06:07 . 2009-06-30 06:07 -------- d-----w- c:\program files\JAM Software
2009-06-23 16:58 . 2009-06-23 16:58 -------- d---a-w- c:\documents and settings\Ben\Local Settings\Application Data\AIM Toolbar
2009-06-22 04:01 . 2009-06-22 04:01 -------- d---a-w- c:\documents and settings\Ben\Application Data\dvdcss
2009-06-22 04:00 . 2009-06-22 04:00 -------- d---a-w- c:\documents and settings\Ben\Application Data\InterVideo
2009-06-18 07:28 . 2009-06-18 07:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-06-18 07:27 . 2009-06-18 07:27 -------- d-----w- c:\program files\AIM Toolbar
2009-06-18 07:27 . 2009-06-18 07:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-06-17 17:34 . 2009-07-07 05:30 117760 ----a-w- c:\documents and settings\Ben\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:33 . 2009-07-04 00:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-17 17:31 . 2009-06-17 17:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-17 08:11 . 2009-06-17 08:13 648070 ------w- c:\documents and settings\Ben\EMPTIES.BAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 02:47 . 2008-06-24 17:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-04 02:13 . 2009-03-12 14:40 -------- d-----w- c:\program files\DivX
2009-06-18 07:28 . 2008-06-24 17:21 -------- d-----w- c:\program files\AIM6
2009-05-19 01:58 . 2009-05-19 01:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\10455004
2009-05-07 15:32 . 2006-04-30 06:55 345600 ------w- c:\windows\system32\localspl.dll
2009-05-06 18:11 . 2009-05-06 18:11 69120 ------w- c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-04-29 04:56 . 2006-04-30 06:56 827392 ------w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2006-04-30 06:55 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2006-04-30 06:55 1847168 ------w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-04-30 06:55 585216 ------w- c:\windows\system32\rpcrt4.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ------w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ------w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-19_02.19.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-07 05:29 . 2009-07-07 05:29 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
+ 2009-05-22 00:25 . 1999-05-27 16:48 12800 c:\windows\system32\WING32.DLL
+ 2009-05-22 00:25 . 1999-05-27 16:48 92208 c:\windows\system32\WING.DLL
+ 2006-04-30 06:56 . 2008-04-14 00:12 26112 c:\windows\system32\win32x.exe
- 2008-03-23 09:59 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2008-03-23 09:59 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2006-04-30 06:55 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2006-11-08 04:03 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 04:03 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
+ 2006-04-30 06:55 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 10:26 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
- 2006-11-07 10:26 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2006-04-30 06:55 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
+ 2006-04-30 06:55 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
- 2006-04-30 06:55 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2006-04-30 06:55 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 18:58 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 18:58 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2008-05-10 11:06 . 2009-05-27 21:46 75096 c:\windows\system32\drivers\avipbb.sys
+ 2006-04-30 07:09 . 2004-08-04 12:00 13894 c:\windows\system32\dllcache\zonelibm.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 29760 c:\windows\system32\dllcache\znetm.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 41029 c:\windows\system32\dllcache\zcorem.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 36937 c:\windows\system32\dllcache\zclientm.exe
+ 2006-04-30 07:11 . 2004-08-04 12:00 25088 c:\windows\system32\dllcache\wisc10.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 32339 c:\windows\system32\dllcache\uniansi.dll
+ 2006-04-30 07:11 . 2004-08-04 12:00 47104 c:\windows\system32\dllcache\srdiag.exe
+ 2006-04-30 06:56 . 2008-04-13 16:43 62976 c:\windows\system32\dllcache\spgrmr.dll
+ 2006-04-30 00:04 . 2004-08-04 12:00 61440 c:\windows\system32\dllcache\spcplui.dll
+ 2006-04-30 00:04 . 2004-08-04 12:00 77824 c:\windows\system32\dllcache\spcommon.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 66113 c:\windows\system32\dllcache\shvl.dll
+ 2006-04-30 00:04 . 2004-08-04 12:00 36864 c:\windows\system32\dllcache\sapisvr.exe
+ 2006-04-30 07:09 . 2004-08-04 12:00 48706 c:\windows\system32\dllcache\rvse.dll
- 2006-10-17 18:58 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-10-17 18:58 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 51200 c:\windows\system32\dllcache\oobebaln.exe
+ 2006-04-30 06:55 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\nppagent.exe
+ 2006-04-30 07:11 . 2004-08-04 12:00 35328 c:\windows\system32\dllcache\notiflag.exe
+ 2006-04-30 06:55 . 2008-04-14 00:12 57344 c:\windows\system32\dllcache\ndisnpp.dll
+ 2006-04-30 06:56 . 2008-04-14 00:12 90624 c:\windows\system32\dllcache\muisetup.exe
+ 2006-04-30 07:10 . 2008-04-14 00:12 24576 c:\windows\system32\dllcache\msxactps.dll
+ 2006-04-30 07:11 . 2004-08-04 12:00 23552 c:\windows\system32\dllcache\mssoapr.dll
+ 2006-04-30 07:11 . 2008-04-14 00:12 29184 c:\windows\system32\dllcache\msoobe.exe
+ 2006-04-30 07:10 . 2008-04-14 00:12 19456 c:\windows\system32\dllcache\msobweb.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 30720 c:\windows\system32\dllcache\msobshel.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 16384 c:\windows\system32\dllcache\msobdl.dll
+ 2006-04-30 06:55 . 2008-04-14 00:12 39936 c:\windows\system32\dllcache\mslwvtts.dll
- 2008-05-10 05:34 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-05-10 05:34 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 36864 c:\windows\system32\dllcache\msdfmap.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 20480 c:\windows\system32\dllcache\msdatt.dll
+ 2006-04-30 07:10 . 2008-04-13 17:25 16384 c:\windows\system32\dllcache\msdaremr.dll
+ 2006-04-30 07:10 . 2008-04-13 17:25 16384 c:\windows\system32\dllcache\msdaprsr.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 77824 c:\windows\system32\dllcache\msdaosp.dll
+ 2006-04-30 07:10 . 2008-04-13 17:24 16384 c:\windows\system32\dllcache\msdaorar.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 57344 c:\windows\system32\dllcache\msadrh15.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 57344 c:\windows\system32\dllcache\msador15.dll
+ 2006-04-30 07:10 . 2008-04-13 17:26 24576 c:\windows\system32\dllcache\msader15.dll
+ 2006-04-30 07:10 . 2008-04-13 17:25 24576 c:\windows\system32\dllcache\msaddsr.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 53248 c:\windows\system32\dllcache\msadcs.dll
+ 2006-04-30 07:10 . 2008-04-13 17:25 16384 c:\windows\system32\dllcache\msadcor.dll
+ 2006-04-30 07:10 . 2008-04-13 17:25 16384 c:\windows\system32\dllcache\msadcfr.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 61440 c:\windows\system32\dllcache\msadcf.dll
+ 2006-04-30 06:56 . 2008-04-14 00:11 19968 c:\windows\system32\dllcache\log.dll
+ 2006-11-08 04:03 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2006-11-08 04:03 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-05-10 05:34 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-05-10 05:34 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2006-11-07 10:26 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-11-07 10:26 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
- 2006-11-07 10:26 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 10:26 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-05-10 05:34 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-05-10 05:34 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 18432 c:\windows\system32\dllcache\hscupd.exe
+ 2006-04-30 07:09 . 2004-08-04 12:00 57409 c:\windows\system32\dllcache\hrtz.dll
+ 2006-04-30 06:55 . 2004-08-04 12:00 87552 c:\windows\system32\dllcache\hhctrlui.dll
+ 2006-04-30 07:11 . 2004-08-04 12:00 99840 c:\windows\system32\dllcache\helphost.exe
+ 2006-04-30 07:28 . 2008-04-13 16:44 17920 c:\windows\system32\dllcache\cobramsg.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 40515 c:\windows\system32\dllcache\chkr.dll
+ 2006-04-30 07:11 . 2004-08-04 12:00 21504 c:\windows\system32\dllcache\brpinfo.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 82501 c:\windows\system32\dllcache\bckg.dll
+ 2006-04-30 06:55 . 2008-04-14 00:11 24064 c:\windows\system32\dllcache\agtintl.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 20480 c:\windows\system32\dllcache\agt0c0a.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 20992 c:\windows\system32\dllcache\agt0816.dll
+ 2006-04-30 00:04 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt041f.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt041d.dll
+ 2006-04-30 00:04 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt0419.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 20480 c:\windows\system32\dllcache\agt0416.dll
+ 2006-04-30 00:04 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt0415.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt0414.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 20992 c:\windows\system32\dllcache\agt0413.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 20992 c:\windows\system32\dllcache\agt0410.dll
+ 2006-04-30 00:04 . 2007-04-02 18:26 19968 c:\windows\system32\dllcache\agt040e.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 21504 c:\windows\system32\dllcache\agt040c.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt040b.dll
+ 2006-04-30 06:55 . 2008-04-13 17:32 19968 c:\windows\system32\dllcache\agt0409.dll
+ 2006-04-30 00:04 . 2007-04-02 18:26 22016 c:\windows\system32\dllcache\agt0408.dll
+ 2006-04-30 06:55 . 2007-04-02 18:26 21504 c:\windows\system32\dllcache\agt0407.dll
+ 2006-04-30 06:55 . 2007-04-02 18:25 19456 c:\windows\system32\dllcache\agt0406.dll
+ 2006-04-30 00:04 . 2007-04-02 18:25 19456 c:\windows\system32\dllcache\agt0405.dll
+ 2006-04-30 06:55 . 2008-04-14 00:11 44032 c:\windows\system32\dllcache\agentsr.dll
+ 2006-04-30 06:55 . 2008-04-14 00:11 49152 c:\windows\system32\dllcache\agentmpx.dll
+ 2006-04-30 06:55 . 2008-04-14 00:11 57344 c:\windows\system32\dllcache\agentdpv.dll
+ 2006-04-30 06:55 . 2008-04-14 00:11 24064 c:\windows\system32\dllcache\agentanm.dll
- 2008-05-10 04:52 . 2009-03-13 04:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-10 04:52 . 2009-05-23 06:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-10 04:52 . 2009-03-13 04:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-10 04:52 . 2009-05-23 06:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-10 04:52 . 2009-03-13 04:04 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-10 04:52 . 2009-05-23 06:35 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-22 00:30 . 1999-05-27 16:48 12800 c:\windows\system\WING32.DLL
+ 2009-03-08 21:55 . 2009-03-08 21:55 26624 c:\windows\Installer\dba2683.msi
+ 2008-06-25 08:24 . 2008-06-25 08:24 29696 c:\windows\Installer\59594.msi
+ 2008-08-17 06:42 . 2008-08-17 06:42 54272 c:\windows\Installer\24881dcc.msi
+ 2008-03-23 10:24 . 2008-03-23 10:24 88576 c:\windows\Installer\23e4a.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 48128 c:\windows\Installer\22a1a.msi
+ 2009-06-17 17:33 . 2009-06-17 17:33 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-06-17 17:33 . 2009-06-17 17:33 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-23 10:43 . 2009-06-15 07:01 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-23 10:43 . 2009-05-14 21:45 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-23 10:43 . 2009-05-14 21:45 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-23 10:43 . 2009-06-15 07:00 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-23 10:43 . 2009-05-14 21:45 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-23 10:43 . 2009-06-15 07:00 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-24 19:18 . 2009-06-11 04:03 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-06-24 19:18 . 2009-05-14 21:45 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-24 19:18 . 2009-06-11 04:03 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-06-24 19:18 . 2009-05-14 21:45 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-24 19:18 . 2009-06-11 04:03 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-06-24 19:18 . 2009-05-14 21:45 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 04:13 . 2006-10-27 04:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-27 03:55 . 2006-10-27 03:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2009-06-11 03:54 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2009-06-11 03:54 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2009-06-11 03:54 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2009-06-11 03:54 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2009-06-11 03:54 . 2009-02-20 18:09 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
- 2008-06-24 17:21 . 2008-06-24 17:21 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2008-06-24 17:21 . 2009-06-18 07:27 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2009-06-11 03:56 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2009-06-11 03:56 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2009-06-11 03:54 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB969897-IE7\update\spcustom.dll
+ 2009-06-11 03:54 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB969897-IE7\spmsg.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\pngfilt.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 52224 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeedsbs.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 27648 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\jsproxy.dll
+ 2009-04-28 09:56 . 2009-04-28 09:56 13824 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieudinit.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iernonce.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 78336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieencode.dll
+ 2009-04-28 09:56 . 2009-04-28 09:56 70656 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ie4uinit.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 63488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\icardie.dll
+ 2009-06-11 03:53 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2009-06-11 03:53 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2009-06-11 04:00 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2009-06-11 04:00 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2009-05-22 00:25 . 1999-05-27 16:48 6736 c:\windows\system32\WINGDIB.DRV
+ 2006-04-30 07:09 . 2004-08-04 12:00 4677 c:\windows\system32\dllcache\zeeverm.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 5632 c:\windows\system32\dllcache\wmm2res2.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 7680 c:\windows\system32\dllcache\wmm2ext.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 4096 c:\windows\system32\dllcache\wmm2eres.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\msdaurl.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\msdasc.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\msdaer.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\msdaenum.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\msdadc.dll
+ 2006-04-30 06:56 . 2004-08-04 12:00 6144 c:\windows\system32\dllcache\fsconins.dll
- 2008-11-25 17:34 . 2009-05-01 15:39 7962 c:\windows\system32\config\systemprofile\Application Data\Intel\Wireless\Settings\AlertHistory.bin
+ 2008-11-25 17:34 . 2009-06-11 03:50 7962 c:\windows\system32\config\systemprofile\Application Data\Intel\Wireless\Settings\AlertHistory.bin
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-05-22 00:25 . 1999-05-27 16:48 188960 c:\windows\system32\WINGDE.DLL
+ 2006-04-30 06:56 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
- 2006-04-30 06:56 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2006-04-30 06:56 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
- 2006-04-30 06:56 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2009-05-19 01:58 . 2009-07-04 02:14 932316 c:\windows\system32\Restore\rstrlog.dat
- 2006-04-30 06:55 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
+ 2006-04-30 06:55 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
+ 2006-04-30 06:55 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
+ 2006-04-30 06:55 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
+ 2006-04-30 06:55 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 04:03 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 04:03 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
+ 2006-10-17 18:57 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
- 2006-10-17 18:57 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2006-04-30 06:55 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
- 2006-10-17 18:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
+ 2006-10-17 18:27 . 2009-04-29 04:55 383488 c:\windows\system32\ieapfltr.dll
- 2006-04-30 06:55 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
+ 2006-04-30 06:55 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
+ 2006-04-30 06:55 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
+ 2006-04-30 06:55 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
+ 2006-04-30 06:55 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2006-04-30 06:55 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2006-04-30 06:55 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 113222 c:\windows\system32\dllcache\zoneclim.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 325632 c:\windows\system32\dllcache\wmm2fxb.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 502272 c:\windows\system32\dllcache\wmm2fxa.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 402432 c:\windows\system32\dllcache\wmm2filt.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 167936 c:\windows\system32\dllcache\wmm2ae.dll
+ 2006-11-08 04:03 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
- 2006-11-08 04:03 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-11-08 04:03 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-08 04:03 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
+ 2006-04-30 07:11 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
+ 2006-10-17 19:05 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 19:05 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 150528 c:\windows\system32\dllcache\uploadm.exe
+ 2006-04-30 07:10 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll
+ 2006-04-30 07:28 . 2008-04-14 00:12 173568 c:\windows\system32\dllcache\sysmoda.dll
+ 2006-04-30 06:56 . 2008-04-14 00:12 193024 c:\windows\system32\dllcache\sysmod.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 217088 c:\windows\system32\dllcache\sqlxmlx.dll
+ 2006-04-30 06:56 . 2008-04-14 00:12 110592 c:\windows\system32\dllcache\sqlse20.dll
+ 2006-04-30 06:56 . 2008-04-14 00:12 462848 c:\windows\system32\dllcache\sqlqp20.dll
+ 2006-04-30 06:56 . 2008-04-14 00:12 151552 c:\windows\system32\dllcache\sqldb20.dll
+ 2006-04-30 00:04 . 2004-08-04 12:00 774144 c:\windows\system32\dllcache\spttseng.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 648704 c:\windows\system32\dllcache\sprc0C0A.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 639488 c:\windows\system32\dllcache\sprc0816.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 322560 c:\windows\system32\dllcache\sprc0804.dll
+ 2008-04-13 18:40 . 2008-04-13 18:40 576512 c:\windows\system32\dllcache\sprc0424.dll
+ 2008-04-13 18:40 . 2008-04-13 18:40 592896 c:\windows\system32\dllcache\sprc041f.dll
+ 2008-04-13 18:40 . 2008-04-13 18:40 590848 c:\windows\system32\dllcache\sprc041D.dll
+ 2008-04-13 18:40 . 2008-04-13 18:40 577536 c:\windows\system32\dllcache\sprc041b.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 627200 c:\windows\system32\dllcache\sprc0419.dll
+ 2008-04-13 18:38 . 2008-04-13 18:38 620032 c:\windows\system32\dllcache\sprc0416.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 641024 c:\windows\system32\dllcache\sprc0415.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 591872 c:\windows\system32\dllcache\sprc0414.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 645120 c:\windows\system32\dllcache\sprc0413.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 392704 c:\windows\system32\dllcache\sprc0412.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 412672 c:\windows\system32\dllcache\sprc0411.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 658432 c:\windows\system32\dllcache\sprc0410.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 645120 c:\windows\system32\dllcache\sprc040e.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 620544 c:\windows\system32\dllcache\sprc040D.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 663040 c:\windows\system32\dllcache\sprc040C.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 604672 c:\windows\system32\dllcache\sprc040b.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 679936 c:\windows\system32\dllcache\sprc0408.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 663552 c:\windows\system32\dllcache\sprc0407.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 605696 c:\windows\system32\dllcache\sprc0406.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 601088 c:\windows\system32\dllcache\sprc0405.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 327680 c:\windows\system32\dllcache\sprc0404.dll
+ 2008-04-13 18:39 . 2008-04-13 18:39 656896 c:\windows\system32\dllcache\sprc0401.dll
+ 2006-04-30 06:56 . 2008-04-13 18:36 773632 c:\windows\system32\dllcache\sprb0C0A.dll
+ 2006-04-30 06:56 . 2008-04-13 18:38 751616 c:\windows\system32\dllcache\sprb0816.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 470016 c:\windows\system32\dllcache\sprb0804.dll
+ 2006-04-30 06:56 . 2008-04-13 18:38 732160 c:\windows\system32\dllcache\sprb0424.dll
+ 2006-04-30 06:56 . 2008-04-13 18:38 724480 c:\windows\system32\dllcache\sprb041f.dll
+ 2006-04-30 06:56 . 2008-04-13 18:38 724480 c:\windows\system32\dllcache\sprb041D.dll
+ 2006-04-30 06:56 . 2008-04-13 18:38 757248 c:\windows\system32\dllcache\sprb041b.dll
+ 2006-04-30 06:56 . 2008-04-13 18:38 736768 c:\windows\system32\dllcache\sprb0419.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 752128 c:\windows\system32\dllcache\sprb0416.dll
+ 2006-04-30 06:56 . 2008-04-13 18:38 759808 c:\windows\system32\dllcache\sprb0415.dll
+ 2006-04-30 06:56 . 2008-04-13 18:38 716288 c:\windows\system32\dllcache\sprb0414.dll
+ 2006-04-30 06:56 . 2008-04-13 18:38 769024 c:\windows\system32\dllcache\sprb0413.dll
+ 2006-04-30 06:56 . 2008-04-13 18:37 543744 c:\windows\system32\dllcache\sprb0412.dll
+ 2006-04-30 06:56 . 2008-04-13 18:37 562688 c:\windows\system32\dllcache\sprb0411.dll
+ 2006-04-30 06:56 . 2008-04-13 18:37 769536 c:\windows\system32\dllcache\sprb0410.dll
+ 2006-04-30 06:56 . 2008-04-13 18:37 769536 c:\windows\system32\dllcache\sprb040e.dll
+ 2006-04-30 06:56 . 2008-04-13 18:36 793088 c:\windows\system32\dllcache\sprb040C.dll
+ 2006-04-30 06:56 . 2008-04-13 18:36 729088 c:\windows\system32\dllcache\sprb040b.dll
+ 2006-04-30 06:56 . 2008-04-13 18:36 801280 c:\windows\system32\dllcache\sprb0408.dll
+ 2006-04-30 06:56 . 2008-04-13 18:37 788480 c:\windows\system32\dllcache\sprb0407.dll
+ 2006-04-30 06:56 . 2008-04-13 18:36 742912 c:\windows\system32\dllcache\sprb0406.dll
+ 2006-04-30 06:56 . 2008-04-13 18:36 734720 c:\windows\system32\dllcache\sprb0405.dll
+ 2006-04-30 06:56 . 2008-04-13 18:36 477696 c:\windows\system32\dllcache\sprb0404.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 196096 c:\windows\system32\dllcache\spra0C0A.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 194560 c:\windows\system32\dllcache\spra0816.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 161280 c:\windows\system32\dllcache\spra0804.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 189952 c:\windows\system32\dllcache\spra0427.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 188928 c:\windows\system32\dllcache\spra0426.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 186880 c:\windows\system32\dllcache\spra0425.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 192512 c:\windows\system32\dllcache\spra0424.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 188928 c:\windows\system32\dllcache\spra041f.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 188416 c:\windows\system32\dllcache\spra041e.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 188928 c:\windows\system32\dllcache\spra041D.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 192512 c:\windows\system32\dllcache\spra041b.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 188928 c:\windows\system32\dllcache\spra041a.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 192512 c:\windows\system32\dllcache\spra0419.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 190464 c:\windows\system32\dllcache\spra0418.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 192512 c:\windows\system32\dllcache\spra0416.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 194560 c:\windows\system32\dllcache\spra0415.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 189440 c:\windows\system32\dllcache\spra0414.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 196096 c:\windows\system32\dllcache\spra0413.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 167936 c:\windows\system32\dllcache\spra0412.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 171008 c:\windows\system32\dllcache\spra0411.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 195072 c:\windows\system32\dllcache\spra0410.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 195584 c:\windows\system32\dllcache\spra040e.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 181760 c:\windows\system32\dllcache\spra040D.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 197632 c:\windows\system32\dllcache\spra040C.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 186368 c:\windows\system32\dllcache\spra040b.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 197632 c:\windows\system32\dllcache\spra0408.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 199680 c:\windows\system32\dllcache\spra0407.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 192000 c:\windows\system32\dllcache\spra0406.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 188928 c:\windows\system32\dllcache\spra0405.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 161280 c:\windows\system32\dllcache\spra0404.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 189440 c:\windows\system32\dllcache\spra0402.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 186880 c:\windows\system32\dllcache\spra0401.dll
+ 2006-04-30 06:56 . 2008-04-14 00:12 130048 c:\windows\system32\dllcache\softkbd.dll
+ 2008-04-14 00:12 . 2008-04-14 00:12 189440 c:\windows\system32\dllcache\smtpadm.dll
+ 2008-04-14 00:12 . 2008-04-14 00:12 221696 c:\windows\system32\dllcache\seo.dll
+ 2006-04-30 07:28 . 2008-04-14 00:12 199680 c:\windows\system32\dllcache\scripta.dll
+ 2006-04-30 06:56 . 2008-04-14 00:12 215552 c:\windows\system32\dllcache\script.dll
+ 2006-04-30 00:04 . 2008-04-14 00:12 741376 c:\windows\system32\dllcache\sapi.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2006-10-17 19:04 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 19:04 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 446464 c:\windows\system32\dllcache\obrb0C0A.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 435200 c:\windows\system32\dllcache\obrb0816.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 270336 c:\windows\system32\dllcache\obrb0804.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 408576 c:\windows\system32\dllcache\obrb0424.dll
+ 2006-04-30 06:56 . 2008-04-13 18:41 390144 c:\windows\system32\dllcache\obrb041f.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 363008 c:\windows\system32\dllcache\obrb041D.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 405504 c:\windows\system32\dllcache\obrb041b.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 427008 c:\windows\system32\dllcache\obrb0419.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 409600 c:\windows\system32\dllcache\obrb0416.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 391680 c:\windows\system32\dllcache\obrb0415.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 353792 c:\windows\system32\dllcache\obrb0414.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 401920 c:\windows\system32\dllcache\obrb0413.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 306688 c:\windows\system32\dllcache\obrb0412.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 275456 c:\windows\system32\dllcache\obrb0411.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 413696 c:\windows\system32\dllcache\obrb0410.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 434176 c:\windows\system32\dllcache\obrb040e.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 384000 c:\windows\system32\dllcache\obrb040D.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 410624 c:\windows\system32\dllcache\obrb040C.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 405504 c:\windows\system32\dllcache\obrb040b.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 419328 c:\windows\system32\dllcache\obrb0408.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 403456 c:\windows\system32\dllcache\obrb0407.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 418816 c:\windows\system32\dllcache\obrb0406.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 428032 c:\windows\system32\dllcache\obrb0405.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 212480 c:\windows\system32\dllcache\obrb0404.dll
+ 2006-04-30 06:56 . 2008-04-13 18:40 393728 c:\windows\system32\dllcache\obrb0401.dll
- 2006-11-08 04:03 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-11-08 04:03 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-04-30 07:11 . 2004-08-04 12:00 235520 c:\windows\system32\dllcache\mssoap1.dll
- 2006-10-17 19:05 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-10-17 19:05 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-04-30 06:55 . 2008-04-14 00:12 565248 c:\windows\system32\dllcache\msobmain.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 122368 c:\windows\system32\dllcache\msobcomm.dll
+ 2006-04-30 07:10 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll
+ 2006-11-08 04:03 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-11-08 04:03 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2008-05-10 05:34 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-10 05:34 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 118784 c:\windows\system32\dllcache\msdarem.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 204800 c:\windows\system32\dllcache\msdaps.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msdaprst.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 233472 c:\windows\system32\dllcache\msdaora.dll
+ 2006-04-30 06:56 . 2008-04-14 00:11 220160 c:\windows\system32\dllcache\mscandui.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2006-04-30 07:10 . 2008-04-14 00:11 155648 c:\windows\system32\dllcache\msadds.dll
+ 2006-04-30 07:28 . 2008-04-14 00:12 241152 c:\windows\system32\dllcache\migwiza.exe
+ 2006-04-30 06:56 . 2008-04-14 00:12 103936 c:\windows\system32\dllcache\migload.exe
+ 2005-04-28 19:16 . 2008-04-14 00:11 261120 c:\windows\system32\dllcache\migisma.dll
+ 2006-04-30 06:56 . 2008-04-14 00:11 274432 c:\windows\system32\dllcache\migism.dll
+ 2006-04-30 06:55 . 2004-08-04 12:00 362496 c:\windows\system32\dllcache\metal_ss.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2006-10-17 19:04 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe
+ 2008-05-10 05:34 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
- 2008-05-10 05:34 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 10:27 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 10:27 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-05-10 05:34 . 2009-04-29 04:55 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2008-05-10 05:34 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-11-07 10:25 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 10:25 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-11-07 10:27 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 10:27 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 10:26 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 10:26 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-04-30 06:55 . 2004-08-04 12:00 362496 c:\windows\system32\dllcache\home_ss.dll
+ 2006-04-30 07:28 . 2008-04-14 00:11 115200 c:\windows\system32\dllcache\guitrna.dll
+ 2006-04-30 06:56 . 2008-04-14 00:11 133120 c:\windows\system32\dllcache\guitrn.dll
+ 2006-04-30 07:18 . 2008-04-14 00:11 618605 c:\windows\system32\dllcache\fp4autl.dll
+ 2006-11-08 04:03 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-11-08 04:03 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-10-17 18:57 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-10-17 18:57 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-10-17 18:58 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-10-17 18:58 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-04-30 07:10 . 2008-01-19 11:04 554008 c:\windows\system32\dllcache\dao360.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 217160 c:\windows\system32\dllcache\cmnclim.dll
+ 2006-04-30 06:55 . 2008-04-14 00:12 256512 c:\windows\system32\dllcache\agentsvr.exe
+ 2006-04-30 06:55 . 2008-04-14 00:11 214016 c:\windows\system32\dllcache\agentctl.dll
- 2006-11-07 10:26 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-11-07 10:26 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-04-30 06:55 . 2008-04-14 00:11 116224 c:\windows\system32\dllcache\acxtrnal.dll
+ 2006-04-30 06:55 . 2008-04-14 00:11 141312 c:\windows\system32\dllcache\aclua.dll
+ 2006-04-30 06:55 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
- 2006-04-30 06:55 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
+ 2008-05-10 05:11 . 2004-08-04 12:00 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-05-10 05:11 . 2004-08-04 12:00 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2008-03-23 10:07 . 2007-04-16 03:55 468064 c:\windows\Installer\iProData\mWlsSafe.msi
+ 2008-03-23 10:07 . 2007-04-16 03:54 471124 c:\windows\Installer\iProData\mProSafe.msi
+ 2008-03-23 10:08 . 2008-03-23 10:08 465920 c:\windows\Installer\fab55.msi
+ 2008-03-23 10:08 . 2008-03-23 10:08 469504 c:\windows\Installer\fab4f.msi
+ 2008-03-23 10:08 . 2008-03-23 10:08 841728 c:\windows\Installer\fab49.msi
+ 2008-03-23 10:08 . 2008-03-23 10:08 577536 c:\windows\Installer\fab43.msi
+ 2008-03-23 10:07 . 2008-03-23 10:07 539136 c:\windows\Installer\fab36.msi
+ 2008-03-23 10:07 . 2008-03-23 10:07 428544 c:\windows\Installer\fab30.msi
+ 2006-04-30 07:21 . 2006-04-30 07:21 264704 c:\windows\Installer\f08f.msi
+ 2009-03-19 07:01 . 2009-03-19 07:01 817152 c:\windows\Installer\7d1d220.msi
+ 2009-03-19 07:01 . 2009-03-19 07:01 813568 c:\windows\Installer\7d1d1f6.msi
+ 2008-06-25 08:24 . 2008-06-25 08:24 697856 c:\windows\Installer\5957f.msi
+ 2008-06-24 21:09 . 2008-06-24 21:09 467456 c:\windows\Installer\51f38.msi
+ 2008-06-24 20:44 . 2008-06-24 20:44 289792 c:\windows\Installer\51f08.msi
+ 2008-09-03 10:06 . 2008-09-03 10:06 868864 c:\windows\Installer\4ea8453b.msi
+ 2008-09-03 10:01 . 2008-09-03 10:01 431104 c:\windows\Installer\4ea84470.msi
+ 2008-11-12 08:00 . 2008-11-12 08:00 432640 c:\windows\Installer\432328dc.msi
+ 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\2e5d9fe9.msp
+ 2009-06-18 07:27 . 2009-06-18 07:27 122880 c:\windows\Installer\2d0bc41.msi
+ 2007-10-15 06:44 . 2007-10-15 06:44 324608 c:\windows\Installer\2402867.msp
+ 2007-10-15 06:46 . 2007-10-15 06:46 324608 c:\windows\Installer\2402861.msp
+ 2008-03-23 10:24 . 2008-03-23 10:24 281600 c:\windows\Installer\23e44.msi
+ 2008-03-23 10:24 . 2008-03-23 10:24 293888 c:\windows\Installer\23e3c.msi
+ 2008-03-23 10:24 . 2008-03-23 10:24 254976 c:\windows\Installer\23e35.msi
+ 2008-03-23 10:22 . 2008-03-23 10:22 228352 c:\windows\Installer\23d09.msi
+ 2008-03-23 10:21 . 2008-03-23 10:21 221184 c:\windows\Installer\23d03.msi
+ 2009-03-12 14:40 . 2009-03-12 14:40 152576 c:\windows\Installer\22e741.msi
+ 2008-03-23 10:49 . 2008-03-23 10:49 643072 c:\windows\Installer\22ac0.msi
+ 2008-03-23 10:49 . 2008-03-23 10:49 966144 c:\windows\Installer\22abb.msi
+ 2008-03-23 10:49 . 2008-03-23 10:49 591872 c:\windows\Installer\22ab6.msi
+ 2008-03-23 10:42 . 2008-03-23 10:42 501248 c:\windows\Installer\22a44.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 501248 c:\windows\Installer\22a30.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 506880 c:\windows\Installer\22a2b.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 516608 c:\windows\Installer\22a25.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 513024 c:\windows\Installer\22a1f.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 501248 c:\windows\Installer\22a03.msi
+ 2008-09-20 00:06 . 2008-09-20 00:06 532992 c:\windows\Installer\21bd4.msi
+ 2008-09-14 04:01 . 2008-09-14 04:01 257024 c:\windows\Installer\1e986bc.msi
- 2008-03-23 10:43 . 2009-05-14 21:45 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-23 10:43 . 2009-06-15 07:00 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-23 10:43 . 2009-05-14 21:45 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-23 10:43 . 2009-06-15 07:00 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-23 10:43 . 2009-06-15 07:00 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-23 10:43 . 2009-05-14 21:45 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-23 10:43 . 2009-06-15 07:00 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2008-03-23 10:43 . 2009-05-14 21:45 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-23 10:43 . 2009-06-15 07:00 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2008-03-23 10:43 . 2009-05-14 21:45 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2008-06-24 19:18 . 2009-05-14 21:45 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-24 19:18 . 2009-06-11 04:03 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-24 19:18 . 2009-06-11 04:03 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-06-24 19:18 . 2009-05-14 21:45 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-06-24 19:18 . 2009-05-14 21:45 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-24 19:18 . 2009-06-11 04:03 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-06-24 19:18 . 2009-05-14 21:45 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-06-24 19:18 . 2009-06-11 04:03 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2006-10-27 22:16 . 2006-10-27 22:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 22:16 . 2006-10-27 22:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-27 03:55 . 2006-10-27 03:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2009-06-11 03:54 . 2009-03-03 00:18 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-11 03:54 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-11 03:54 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-11 03:54 . 2009-02-20 18:09 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-11 03:54 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-11 03:54 . 2009-02-20 18:09 268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-11 03:54 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2009-06-11 03:56 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2009-06-11 03:56 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2009-06-11 03:56 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-06-11 03:54 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB969897-IE7\update\updspapi.dll
+ 2009-06-11 03:54 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB969897-IE7\update\update.exe
+ 2009-06-11 03:54 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB969897-IE7\spuninst.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 828928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 233472 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\webcheck.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 105984 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\url.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 102912 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\occache.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 671232 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mstime.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 193024 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msrating.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 477696 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtmled.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 459264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeeds.dll
+ 2009-04-25 05:27 . 2009-04-25 05:27 636088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 268288 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iertutil.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 388608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iedkcs32.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 380928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dll
+ 2009-04-25 05:26 . 2009-04-25 05:26 161792 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakui.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 230400 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieaksie.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 153088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakeng.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 132608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\extmgr.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 214528 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtrans.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 347136 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtmsft.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 124928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\advpack.dll
+ 2009-06-11 03:53 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2009-06-11 03:53 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2009-06-11 03:53 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2009-06-11 04:00 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2009-06-11 04:00 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2009-06-11 04:00 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2006-04-30 06:56 . 2004-08-04 12:00 1326080 c:\windows\system32\webfldrs.msi
+ 2006-04-30 06:56 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
+ 2006-04-30 06:55 . 2009-04-29 04:56 3596288 c:\windows\system32\mshtml.dll
+ 2006-11-08 04:03 . 2009-04-29 04:55 6066176 c:\windows\system32\ieframe.dll
- 2006-11-08 04:03 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2006-04-30 00:03 . 2009-06-11 06:04 1657968 c:\windows\system32\FNTCACHE.DAT
- 2006-04-30 00:03 . 2009-03-11 07:08 1657968 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-14 21:00 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2006-11-08 04:03 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2006-04-30 06:56 . 2004-08-04 12:00 3374640 c:\windows\system32\dllcache\tourW.exe
+ 2006-04-30 06:56 . 2008-04-13 18:37 2842112 c:\windows\system32\dllcache\sprb040D.dll
+ 2006-04-30 06:56 . 2008-04-13 18:35 2869248 c:\windows\system32\dllcache\sprb0401.dll
+ 2008-04-14 00:12 . 2008-04-14 00:12 2134528 c:\windows\system32\dllcache\smtpsnap.dll
+ 2006-11-08 04:03 . 2009-04-29 04:56 3596288 c:\windows\system32\dllcache\mshtml.dll
+ 2006-04-30 07:11 . 2008-04-14 00:11 3166208 c:\windows\system32\dllcache\msgr3en.dll
- 2008-05-10 05:34 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2008-05-10 05:34 . 2009-04-29 04:55 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2006-04-30 07:09 . 2004-08-04 12:00 1039955 c:\windows\system32\dllcache\cmnresm.dll
+ 2008-05-10 05:11 . 2004-08-04 12:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-05-10 05:11 . 2004-08-04 12:00 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 19:08 . 2007-05-25 19:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-03-23 10:07 . 2007-01-30 00:04 1528320 c:\windows\Installer\iProData\msxml6.msi
+ 2008-03-23 10:07 . 2007-04-16 03:54 2021376 c:\windows\Installer\iProData\mPfMgr.msi
+ 2008-03-23 10:07 . 2007-04-16 03:51 2205184 c:\windows\Installer\iProData\mMHouse.msi
+ 2008-03-23 10:07 . 2007-05-01 05:19 3833856 c:\windows\Installer\iProData\mDriver.msi
+ 2008-03-23 10:07 . 2007-04-16 03:47 3799040 c:\windows\Installer\iProData\mCore.msi
+ 2008-03-23 10:14 . 2008-03-23 10:14 5726720 c:\windows\Installer\fab6a.msi
+ 2008-03-23 10:10 . 2008-03-23 10:10 2298880 c:\windows\Installer\fab62.msi
+ 2008-03-23 10:08 . 2008-03-23 10:08 1421824 c:\windows\Installer\fab5b.msi
+ 2008-09-13 03:20 . 2008-09-13 03:20 2428416 c:\windows\Installer\d3755fa.msi
+ 2008-09-13 03:19 . 2008-09-13 03:19 1780224 c:\windows\Installer\d3755f4.msi
+ 2008-09-13 03:18 . 2008-09-13 03:18 1718272 c:\windows\Installer\d3755ef.msi
+ 2008-09-13 03:18 . 2008-09-13 03:18 1725952 c:\windows\Installer\d3755ea.msi
+ 2008-09-13 03:18 . 2008-09-13 03:18 1954304 c:\windows\Installer\d3755e5.msi
+ 2008-09-13 03:18 . 2008-09-13 03:18 1826816 c:\windows\Installer\d3755e0.msi
+ 2008-09-13 03:17 . 2008-09-13 03:17 1726976 c:\windows\Installer\d3755c9.msi
+ 2008-09-13 03:17 . 2008-09-13 03:17 1879040 c:\windows\Installer\d3755c4.msi
+ 2008-09-13 03:17 . 2008-09-13 03:17 1730048 c:\windows\Installer\d3755bf.msi
+ 2008-09-13 03:16 . 2008-09-13 03:16 1761792 c:\windows\Installer\d3755ba.msi
+ 2008-09-13 03:16 . 2008-09-13 03:16 1735680 c:\windows\Installer\d3755b5.msi
+ 2008-09-13 03:16 . 2008-09-13 03:16 1744384 c:\windows\Installer\d3755b0.msi
+ 2008-09-13 03:15 . 2008-09-13 03:15 1842688 c:\windows\Installer\d3755ab.msi
+ 2008-09-13 03:15 . 2008-09-13 03:15 2159104 c:\windows\Installer\d3755a5.msi
+ 2008-09-13 03:14 . 2008-09-13 03:14 1715712 c:\windows\Installer\d3755a0.msi
+ 2008-09-13 03:13 . 2008-09-13 03:13 1715712 c:\windows\Installer\d37559a.msi
+ 2008-09-13 03:13 . 2008-09-13 03:13 1716736 c:\windows\Installer\d375594.msi
+ 2008-09-13 03:13 . 2008-09-13 03:13 1715712 c:\windows\Installer\d37558e.msi
+ 2008-09-13 03:13 . 2008-09-13 03:13 1728000 c:\windows\Installer\d375588.msi
+ 2008-09-13 03:13 . 2008-09-13 03:13 1718272 c:\windows\Installer\d375583.msi
+ 2008-09-13 03:12 . 2008-09-13 03:12 1761792 c:\windows\Installer\d37557e.msi
+ 2008-09-13 03:12 . 2008-09-13 03:12 1753088 c:\windows\Installer\d375579.msi
+ 2008-09-13 03:12 . 2008-09-13 03:12 1720832 c:\windows\Installer\d375574.msi
+ 2008-09-13 03:11 . 2008-09-13 03:11 2595840 c:\windows\Installer\d37556f.msi
+ 2008-09-13 03:09 . 2008-09-13 03:09 1826304 c:\windows\Installer\d37556a.msi
+ 2008-09-13 03:08 . 2008-09-13 03:08 1716736 c:\windows\Installer\d375565.msi
+ 2008-09-13 03:07 . 2008-09-13 03:07 1767424 c:\windows\Installer\d375560.msi
+ 2008-08-20 21:37 . 2008-08-20 21:37 5107712 c:\windows\Installer\8b24ae5.msp
+ 2008-05-21 07:45 . 2008-05-21 07:45 5246976 c:\windows\Installer\8b24a8f.msp
+ 2009-02-06 04:16 . 2009-02-06 04:16 3762688 c:\windows\Installer\7fe0966.msi
+ 2009-02-06 04:14 . 2009-02-06 04:14 1652224 c:\windows\Installer\7fe07db.msi
+ 2009-02-06 04:13 . 2009-02-06 04:13 8992256 c:\windows\Installer\7fe07ce.msi
+ 2009-02-06 04:12 . 2009-02-06 04:12 1549312 c:\windows\Installer\7fe0531.msi
+ 2009-02-06 04:11 . 2009-02-06 04:11 3152384 c:\windows\Installer\7fe04f6.msi
+ 2009-03-19 07:04 . 2009-03-19 07:04 6643712 c:\windows\Installer\7d1d277.msi
+ 2009-03-19 07:02 . 2009-03-19 07:02 1087488 c:\windows\Installer\7d1d232.msi
+ 2008-03-23 09:58 . 2008-03-23 09:58 2109440 c:\windows\Installer\72295.msi
+ 2008-02-15 15:54 . 2008-02-15 15:54 9736192 c:\windows\Installer\4ea84610.msp
+ 2007-03-31 05:20 . 2007-03-31 05:20 5800960 c:\windows\Installer\4ea845ce.msp
+ 2008-04-12 01:08 . 2008-04-12 01:08 6302720 c:\windows\Installer\4ea844f0.msp
+ 2008-04-12 01:48 . 2008-04-12 01:48 6774272 c:\windows\Installer\4ea844c5.msp
+ 2007-07-08 18:34 . 2007-07-08 18:34 6648832 c:\windows\Installer\4ea844b2.msp
+ 2008-07-17 02:01 . 2008-07-17 02:01 5110272 c:\windows\Installer\4ea84482.msp
+ 2008-04-18 21:56 . 2008-04-18 21:56 6215680 c:\windows\Installer\4ea84458.msp
+ 2007-06-01 22:54 . 2007-06-01 22:54 9626624 c:\windows\Installer\4ea84436.msp
+ 2008-10-20 15:19 . 2008-10-20 15:19 5100032 c:\windows\Installer\4323290f.msp
+ 2006-04-30 07:25 . 2006-04-30 07:25 3443712 c:\windows\Installer\41ee3.msi
+ 2009-02-07 03:31 . 2009-02-07 03:31 5047808 c:\windows\Installer\3fb8bba.msp
+ 2008-10-05 08:12 . 2008-10-05 08:12 4784128 c:\windows\Installer\33e6c75.msp
+ 2008-06-24 18:37 . 2008-06-24 18:37 1247744 c:\windows\Installer\3368b.msi
+ 2008-06-24 19:18 . 2008-06-24 19:18 9613312 c:\windows\Installer\2eb0cb.msi
+ 2008-06-24 19:15 . 2008-06-24 19:15 1640960 c:\windows\Installer\2eb0b0.msi
+ 2009-05-04 11:46 . 2009-05-04 11:46 8299008 c:\windows\Installer\2e5da064.msp
+ 2009-05-04 11:47 . 2009-05-04 11:47 9124864 c:\windows\Installer\2e5da041.msp
+ 2009-04-24 16:30 . 2009-04-24 16:30 2583552 c:\windows\Installer\2e5da01f.msp
+ 2009-05-07 13:17 . 2009-05-07 13:17 5026816 c:\windows\Installer\2e5da00c.msp
+ 2009-04-24 16:29 . 2009-04-24 16:29 9013760 c:\windows\Installer\2e5d9fc8.msp
+ 2008-11-13 07:57 . 2008-11-13 07:57 5099520 c:\windows\Installer\2b3876f1.msp
+ 2008-10-20 15:18 . 2008-10-20 15:18 6474240 c:\windows\Installer\2b3876ce.msp
+ 2009-04-24 16:28 . 2009-04-24 16:28 4450816 c:\windows\Installer\24e4a.msp
+ 2008-07-01 02:45 . 2008-07-01 02:45 4753408 c:\windows\Installer\24881dd2.msp
+ 2007-10-15 06:43 . 2007-10-15 06:43 5749760 c:\windows\Installer\2402841.msp
+ 2008-03-23 10:26 . 2008-03-23 10:26 8009728 c:\windows\Installer\23e60.msi
+ 2008-03-23 10:24 . 2008-03-23 10:24 1151488 c:\windows\Installer\23e2e.msi
+ 2008-03-23 10:24 . 2008-03-23 10:24 1157632 c:\windows\Installer\23da2.msi
+ 2008-03-23 10:24 . 2008-03-23 10:24 1150464 c:\windows\Installer\23d16.msi
+ 2008-03-23 10:22 . 2008-03-23 10:22 1944064 c:\windows\Installer\23d0f.msi
+ 2006-04-18 20:48 . 2006-04-18 20:48 1629184 c:\windows\Installer\23cf5.msp
+ 2008-01-11 09:52 . 2008-01-11 09:52 8517632 c:\windows\Installer\22af1.msp
+ 2008-03-23 10:50 . 2008-03-23 10:50 1389056 c:\windows\Installer\22ac6.msi
+ 2006-07-28 22:18 . 2006-07-28 22:18 2012160 c:\windows\Installer\22a94.msp
+ 2006-08-05 00:44 . 2006-08-05 00:44 6735872 c:\windows\Installer\22a8e.msp
+ 2008-03-23 10:44 . 2008-03-23 10:44 1046016 c:\windows\Installer\22a7e.msi
+ 2007-03-21 17:46 . 2007-03-21 17:46 2047488 c:\windows\Installer\22a78.msp
+ 2007-03-21 17:46 . 2007-03-21 17:46 8198656 c:\windows\Installer\22a65.msp
+ 2008-03-23 10:42 . 2008-03-23 10:42 1652736 c:\windows\Installer\22a3f.msi
+ 2008-03-23 10:42 . 2008-03-23 10:42 1652736 c:\windows\Installer\22a3a.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 1652736 c:\windows\Installer\22a35.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 1640960 c:\windows\Installer\22a12.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 2022912 c:\windows\Installer\22a0d.msi
+ 2008-03-23 10:41 . 2008-03-23 10:41 1713152 c:\windows\Installer\22a08.msi
+ 2008-03-23 10:40 . 2008-03-23 10:40 2397184 c:\windows\Installer\229fe.msi
+ 2008-03-23 10:38 . 2008-03-23 10:38 1461248 c:\windows\Installer\229f8.msi
+ 2008-09-20 00:06 . 2008-09-20 00:06 3620864 c:\windows\Installer\21bce.msi
+ 2009-06-17 17:33 . 2009-06-17 17:33 1516544 c:\windows\Installer\215cc7d4.msi
+ 2008-09-02 15:42 . 2008-09-02 15:42 5104640 c:\windows\Installer\20e4c7ed.msp
+ 2008-12-01 21:32 . 2008-12-01 21:32 8030208 c:\windows\Installer\1e58d1e0.msi
+ 2009-01-15 07:35 . 2009-01-15 07:35 4830720 c:\windows\Installer\1b69a13.msp
+ 2009-01-08 00:25 . 2009-01-08 00:25 5046784 c:\windows\Installer\1b69a0c.msp
+ 2009-02-25 23:08 . 2009-02-25 23:08 8311808 c:\windows\Installer\148f707f.msp
+ 2009-03-28 13:50 . 2009-03-28 13:50 5025792 c:\windows\Installer\148f706f.msp
+ 2008-03-23 10:43 . 2009-06-15 07:00 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-23 10:43 . 2009-05-14 21:45 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-23 10:43 . 2009-05-14 21:45 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-23 10:43 . 2009-06-15 07:00 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-06-24 19:18 . 2009-06-11 04:03 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-06-24 19:18 . 2009-05-14 21:45 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-06-11 03:54 . 2009-02-20 18:09 1160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 3595264 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-06-11 03:54 . 2009-02-20 18:09 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-06-11 03:54 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2009-04-29 04:49 . 2009-04-29 04:49 1163264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\urlmon.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 3598336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 6069248 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieframe.dll
+ 2009-06-09 18:48 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dat
+ 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2009-04-25 07:02 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
+ 2008-05-10 04:56 . 2008-03-23 10:21 12127744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi
+ 2005-09-23 15:48 . 2005-09-23 15:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2008-06-25 08:24 . 2007-01-19 20:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2006-04-30 07:30 . 2006-04-30 07:30 19210240 c:\windows\Installer\8eb7d.msp
+ 2008-08-11 18:51 . 2008-08-11 18:51 15916544 c:\windows\Installer\8b24ac2.msp
+ 2008-08-11 18:49 . 2008-08-11 18:49 22457344 c:\windows\Installer\8b24aa0.msp
+ 2007-05-29 21:41 . 2007-05-29 21:41 16549888 c:\windows\Installer\5af5b.msp
+ 2008-05-10 05:36 . 2008-05-10 05:36 15256576 c:\windows\Installer\5af1a.msp
+ 2009-02-25 23:05 . 2009-02-25 23:05 11840000 c:\windows\Installer\532cf9.msp
+ 2009-02-25 23:07 . 2009-02-25 23:07 11646464 c:\windows\Installer\532cd8.msp
+ 2008-07-03 18:36 . 2008-07-03 18:36 11937792 c:\windows\Installer\4ea845f0.msp
+ 2008-04-12 01:07 . 2008-04-12 01:07 13257728 c:\windows\Installer\4ea845ac.msp
+ 2008-07-03 18:37 . 2008-07-03 18:37 11759104 c:\windows\Installer\4ea84589.msp
+ 2008-05-21 08:30 . 2008-05-21 08:30 14308864 c:\windows\Installer\4ea844a7.msp
+ 2008-09-24 17:05 . 2008-09-24 17:05 16381440 c:\windows\Installer\432328ec.msp
+ 2008-03-23 10:34 . 2008-03-23 10:34 24956928 c:\windows\Installer\2b92e.msi
+ 2008-03-23 10:32 . 2008-03-23 10:32 19140096 c:\windows\Installer\2b919.msi
+ 2008-03-23 10:31 . 2008-03-23 10:31 13961216 c:\windows\Installer\2b910.msi
+ 2008-10-20 15:22 . 2008-10-20 15:22 11758592 c:\windows\Installer\2b387745.msp
+ 2008-10-20 15:21 . 2008-10-20 15:21 11937280 c:\windows\Installer\2b387724.msp
+ 2008-10-20 15:16 . 2008-10-20 15:16 13211648 c:\windows\Installer\2b387703.msp
+ 2007-10-15 06:43 . 2007-10-15 06:43 12743168 c:\windows\Installer\2402852.msp
+ 2007-10-15 06:43 . 2007-10-15 06:43 21981184 c:\windows\Installer\2402811.msp
+ 2008-03-23 10:43 . 2008-03-23 10:43 12836864 c:\windows\Installer\22a52.msi
+ 2008-07-30 03:20 . 2008-07-30 03:20 11767296 c:\windows\Installer\20e4c7ca.msp
+ 2008-07-30 03:18 . 2008-07-30 03:18 11933184 c:\windows\Installer\20e4c7a9.msp
+ 2009-05-04 11:49 . 2009-05-04 11:49 10955776 c:\windows\Installer\14cdcffc.msp
+ 2008-03-23 10:30 . 2008-03-23 10:30 53684224 c:\windows\Downloaded Installations\Diskeeper Lite\{93F2B30E-AC0D-4922-A34C-C76FC00E924C}\Diskeeper Lite.msi
+ 2008-03-23 10:31 . 2008-03-23 10:31 59935232 c:\windows\Downloaded Installations\{34B5287F-49E4-4E91-9765-7C971E906A69}\Client Security Solution.msi
+ 2008-03-23 10:32 . 2008-03-23 10:32 70591488 c:\windows\Downloaded Installations\{0BF4011E-9066-4AA1-ABE5-0C21C7F86E6F}\Rescue and Recovery.msi
+ 2007-10-15 06:43 . 2007-10-15 06:43 229852160 c:\windows\Installer\24027e9.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-10 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-10 1626112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-23 50688]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ------w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Ben\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\WINDOWS\\system32\\DLA\\DLACTRLW.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [10/16/2007 9:33 PM 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 9:32 PM 19504]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [3/23/2008 6:07 AM 4442]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 8:50 PM 30312]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 1:10 AM 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 4:11 PM 569344]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 6:59 PM 30336]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-07 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-03-23 16:22]

2009-07-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\x75drwsn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 02:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1576)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll

- - - - - - - > 'lsass.exe'(1640)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
Completion time: 2009-07-10 2:49
ComboFix-quarantined-files.txt 2009-07-10 06:48
ComboFix2.txt 2009-05-19 02:26
ComboFix3.txt 2009-03-13 04:21
ComboFix4.txt 2009-03-09 23:10
ComboFix5.txt 2009-07-10 06:41

Pre-Run: 2,681,974,784 bytes free
Post-Run: 3,029,495,808 bytes free

942 --- E O F --- 2009-06-15 07:01

Ried · 07-10-2009, 09:57 PM

This figure is the accurate one as far as how much free space you have, which is reporting a very similar amount to what you mentioned you saw in your C:\ Properties.

Quote:

Post-Run: 3,029,495,808 bytes free

Quote:

Perhaps there's another program you know that gives you an accurate report on the size of your C Drive?

I'm sorry, I don't know of any as I've never researched them since I've never found a need for them.

Your question would be better addressed by the folks in the Windows XP Support section of this forum.

============================

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

Green to go
Yellow for caution
Red to stop

WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

==============================

Surf safely and Think Prevention

07-06-2009, 06:39 PM	#2 (permalink)
Ohme123 Registered User Join Date: Mar 2007 Posts: 11 OS: XP	Re: Computer thinks I have less room than I do? Bump.

07-06-2009, 06:59 PM	#3 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,522 OS: WinXP and Vista	Re: Computer thinks I have less room than I do? Hello Ohme123, Are you also experiencing redirects in Google searches with Firefox? I see signs of infection that would point to such occurrences. Please try this Rootkit scanner... Download RootRepeal Extract RootRepeal.exe from the zip archive. Open on your desktop. Click the tab. Click the button. Check all six boxes: Push Ok Check the box for your main system drive (Usually C:), and press Ok. Allow RootRepeal to run a scan of your system. This may take some time. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

07-09-2009, 02:32 AM	#6 (permalink)
Ohme123 Registered User Join Date: Mar 2007 Posts: 11 OS: XP	Re: Computer thinks I have less room than I do? Didn't really see any options, it just said run 'Yes' or 'No'. Anyway, here you go! GooredFix by jpshortstuff (03.07.09) Log created at 04:30 on 09/07/2009 (Ben) Firefox version 3.0.11 (en-US) ========== GooredScan ========== Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF} -> Success! Deleting C:\Documents and Settings\Ben\Local Settings\Application Data\{891ADDCD-BE3E-4B98-8F2B-7817B8025EFF}\ -> Backup error [1026] C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} [21:50 24/06/2008] [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] (none) -=E.O.F=-

07-09-2009, 07:21 AM	#7 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,522 OS: WinXP and Vista	Re: Computer thinks I have less room than I do? Your FF was hijacked, but has now been cleared by GooredFix. It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course: Vista users - right click on the IE icon and run as administrator Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save as Text** button to save the file to your desktop so that you may post it in your next reply __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

07-09-2009, 09:22 PM	#9 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,522 OS: WinXP and Vista	Re: Computer thinks I have less room than I do? How long ago did you use ComboFix? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

07-09-2009, 10:54 PM	#10 (permalink)
Ohme123 Registered User Join Date: Mar 2007 Posts: 11 OS: XP	Re: Computer thinks I have less room than I do? It's been a while. Probably well over a month now. 2 or 3.

07-09-2009, 11:38 PM	#11 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,522 OS: WinXP and Vista	Re: Computer thinks I have less room than I do? Based on the Kaspersky results, I think it best for me to review the log it produced at that time. Click Start>Run and copy/paste the following bolded text into the Run box and click OK: C:\ComboFix.txt A report should pop open for you. Please post the contents in your next reply. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

07-09-2009, 11:46 PM	#12 (permalink)
Ohme123 Registered User Join Date: Mar 2007 Posts: 11 OS: XP	Re: Computer thinks I have less room than I do? ComboFix 09-05-18.02 - Ben 05/18/2009 22:13.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.535 [GMT -4:00] Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\windows\ld08.exe c:\windows\sysguard.exe c:\windows\system32\790151 c:\windows\system32\790151\790151.dll c:\windows\system32\amujivey.ini c:\windows\system32\bujaroki.dll c:\windows\system32\gehimolo.dll.tmp c:\windows\system32\nepumuwi.dll.tmp c:\windows\system32\ratepiye.dll c:\windows\system32\SYS32DLL.exe c:\windows\system32\tibizoru.dll c:\windows\system32\tuliyepi.dll.tmp c:\windows\system32\yevijuma.dll c:\windows\system32\yeyeviba.dll . ((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 ))))))))))))))))))))))))))))))) . 2009-05-19 01:54 . 2009-05-19 01:58 -------- d-sh--w C:\RECYCLER(2) 2009-05-19 01:46 . 2009-05-19 01:58 -------- d-----w C:\ComboFix(2) 2009-05-19 01:26 . 2009-05-19 01:58 -------- d-----w c:\documents and settings\All Users\Application Data\10455004 2009-05-14 08:56 . 2009-05-14 08:57 -------- d-----w C:\4d97f4995753674a536060f722ac 2009-05-12 07:01 . 2009-05-12 07:01 -------- d-----w c:\windows\system32\KB905474 2009-05-12 07:01 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe 2009-05-12 07:01 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe 2009-04-25 05:36 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll 2009-04-25 05:36 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe 2009-04-25 05:36 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll 2009-04-25 05:36 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe 2009-04-25 05:36 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll 2009-04-25 05:36 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-25 05:36 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-25 05:36 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll 2009-04-25 05:36 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll 2009-04-25 05:36 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll 2009-04-25 05:34 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-25 05:34 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-03 04:02 . 2009-05-03 04:02 862688 ----a-w c:\windows\system32\rn.tmp 2009-04-25 04:13 . 2009-01-25 04:13 47616 --sha-w c:\windows\system32\koyahune.exe 2009-04-14 02:37 . 2009-03-12 14:40 -------- d-----w c:\program files\DivX 2009-04-14 02:34 . 2008-03-23 10:07 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-12 00:08 . 2009-01-12 00:08 62976 --sha-w c:\windows\system32\wipusonu.exe 2009-04-06 05:59 . 2009-04-06 05:59 -------- d-----w c:\program files\CleanUp! 2009-03-25 20:53 . 2008-06-25 01:32 -------- d-----w c:\program files\EphPod 2009-03-22 02:58 . 2009-03-22 02:58 -------- d-----w c:\program files\7-Zip 2009-03-06 14:22 . 2006-04-30 06:55 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:18 . 2006-04-30 06:56 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-20 18:09 . 2006-04-30 06:55 78336 ------w c:\windows\system32\ieencode.dll 2009-01-27 01:34 . 2009-01-27 01:34 1044480 ------w c:\program files\mozilla firefox\plugins\libdivx.dll 2009-01-27 01:34 . 2009-01-27 01:34 200704 ------w c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-12 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-10 266497] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-10 1626112] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-23 50688] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-03-15 05:17 89600 ------w c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 07:37 34344 ------w c:\program files\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2006-12-14 02:06 28672 ------w c:\program files\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Ben\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\DLA\\DLACTRLW.EXE"= R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [10/16/2007 9:33 PM 103472] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 9:32 PM 19504] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [3/23/2008 6:07 AM 4442] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 8:50 PM 30312] R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 1:10 AM 11152] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 4:11 PM 569344] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 6:59 PM 30336] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-05-19 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-03-23 16:22] 2009-05-19 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\x75drwsn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.type - 1 . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-18 22:19 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1572) c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll c:\program files\ThinkVantage Fingerprint Software\homepass.dll c:\program files\ThinkVantage Fingerprint Software\bio.dll c:\program files\ThinkVantage Fingerprint Software\ps2css.dll c:\program files\ThinkVantage Fingerprint Software\remote.dll c:\program files\Lenovo\HOTKEY\tphklock.dll c:\program files\ThinkVantage Fingerprint Software\pscssint.dll c:\program files\ThinkVantage Fingerprint Software\crypto.dll - - - - - - - > 'lsass.exe'(1628) c:\program files\ThinkPad\ConnectUtilities\ACGina.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACON.dll c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll - - - - - - - > 'explorer.exe'(2628) c:\windows\system32\nview.dll c:\windows\system32\btmmhook.dll c:\windows\system32\nvwddi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\IPSSVC.EXE c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\windows\system32\TPHDEXLG.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe c:\windows\system32\wdfmgr.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Lenovo\System Update\SUService.exe c:\program files\Common Files\Lenovo\Logger\logmon.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\ZOOM\TpScrex.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe c:\program files\iTunes\iTunes.exe c:\program files\AIM6\aolsoftware.exe c:\program files\Last.fm\LastFM.exe c:\program files\Mozilla Firefox\firefox.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe c:\program files\Java\jre1.6.0_05\bin\jucheck.exe . ************************************************************************ . Completion time: 2009-05-19 22:26 - machine was rebooted ComboFix-quarantined-files.txt 2009-05-19 02:26 ComboFix2.txt 2009-03-13 04:21 ComboFix3.txt 2009-03-09 23:10 ComboFix4.txt 2009-03-09 22:45 ComboFix5.txt 2009-04-25 05:20 Pre-Run: 697,958,400 bytes free Post-Run: 696,066,048 bytes free 262 --- E O F --- 2009-05-15 07:01