Bowtie41

Seeking help with bad virus, IE redirects, file access removed, etc.


Blade,

Well, THAT was very disheartening to say the least!

 

The instructions to show hidden files weren't right for my system. I had to:

Start, Control Panel, (Go right to Folder Options), View Tab, then remembered I had it ticked on anyway, lol :)

 

Here is the link for the css:

http://www.virustotal.com/analisis/762fd2b...77d4-1252518188

 

and the sccs:

http://www.virustotal.com/analisis/478c92e...3c0e-1252518429

 

As far as how the system's running...

The Vimax ads have been gone a couple days now. Thank You for that!

 

The Google redirects are gone, Thank You!

 

Since I did my last cache clear and update on java, my pogo is working again, the whole family thanks you for that! :)

 

Today, all of a sudden, I'm able to get the link for my router to work. My daughter hates that because I can turn off her wireless, and leave MY hardwire on. Thank You for that!!

 

Other than that, the system is really slow. It takes almost a minute to log in here now. Another example: when I'm at my email panel, like this morning, I had clicked on about 15 messages to delete them, it took about a minute for the ticks to show up, and then about 30 seconds more to delete them. Also, if I scroll down a page, it may take 5-10 seconds for the window to move after the mouse does. However, typing usually isn't too bad, but on some online forms, it also has a lag.

At first, I thought it may just be my internet connection (I'm on DSL), so I fired up the laptop to see if it did the same. Result, BSOD (Gosh, I love Windows). I rebooted the laptop, and it seems okay. It just crashed again while typing this, lol. That's not normal for that machine (reason: IRQL less or not equal or something like that, but that's for another session).

Anyway, after this system rebooted, it is better, but still slow. The reason for BSOD here was Memory Management I think. Maybe it has a bad stick, but the system isn't that old, and the memory was replaced last year, first time I remember seeing that reason.

Hope this helps, and Thanks for what you've done so far!

Kirk


Hi,

 

Open notepad and copy/paste the text in the quotebox below into it:

 

http://www.lavasoftsupport.com/index.php?showtopic=26748&st=20&start=20
Collect::
c:\users\kirk\css.exe
c:\users\kirk\sccs.exe
c:\users\kirk\MediaTubeCodec_ver1.1463.0.exe

 

 

Save this as CFScript

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

 

CFScriptB-4.gif

 

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. You'll be asked to submit some samples. Follow the instructions there.

Then post the resultant log.

 

 

Have you defragged the hard drive lately? That might help. For defragging I'd use a 3rd party solution. Good commercial ones are PerfectDisk and Diskeeper. Of the free options I recommend JkDefrag.


Blade,

That all went well. I'll let you know how the system runs after I run CCleaner and JkDefrag, but it will probably be the weekend before I can get to it. Combofix had another update, and I had to do a manual reboot to get the browser working again. Here is the new log, and Thank You once again!

Kirk

 

ComboFix 09-09-09.04 - Kirk 09/09/2009 22:35.2.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.959.547 [GMT -5:00]

Running from: c:\users\Kirk\Desktop\Combo-Fix.exe

Command switches used :: c:\users\Kirk\Desktop\CFScript.txt

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

file zipped: c:\users\kirk\css.exe

file zipped: c:\users\kirk\MediaTubeCodec_ver1.1463.0.exe

file zipped: c:\users\kirk\sccs.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Kirk\css.exe

c:\users\kirk\MediaTubeCodec_ver1.1463.0.exe

c:\users\kirk\sccs.exe

 

.

((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))

.

 

2009-09-10 03:44 . 2009-09-10 03:45 -------- d-----w- c:\users\Kirk\AppData\Local\temp

2009-09-10 03:44 . 2009-09-10 03:44 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-09-10 03:44 . 2009-09-10 03:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-09-09 04:58 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-09-09 04:58 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll

2009-09-09 04:58 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-09-09 04:58 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-09-09 04:58 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-09-09 04:58 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-09-09 04:58 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-09-09 04:58 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-09-09 04:58 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe

2009-09-09 04:58 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll

2009-09-09 04:57 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

2009-09-09 04:56 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-09-09 04:56 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2009-09-09 04:56 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll

2009-09-09 04:56 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-09-07 07:44 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-09-07 07:44 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-09-07 07:44 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-07 07:44 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll

2009-09-07 07:44 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2009-09-07 07:44 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-09-07 07:44 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

2009-09-07 07:44 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

2009-09-06 08:07 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

2009-09-06 01:11 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-09-06 01:11 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-09-06 01:11 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-09-06 01:11 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-06 01:11 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-09-06 01:11 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-20 06:19 . 2009-08-20 06:19 -------- d-----w- c:\program files\Java

2009-08-18 21:34 . 2009-08-18 21:34 -------- d-----w- c:\program files\ERUNT

2009-08-17 11:05 . 2009-08-17 11:05 -------- d-----w- c:\users\Kirk\AppData\Local\Live_TV

2009-08-12 01:18 . 2009-08-12 01:18 -------- d-----w- c:\users\Kirk\AppData\Roaming\TechSmith

2009-08-12 00:02 . 2009-08-12 00:02 -------- d-----w- c:\programdata\TechSmith

2009-08-12 00:02 . 2009-08-12 00:02 -------- d-----w- c:\users\Kirk\AppData\Local\TechSmith

2009-08-12 00:02 . 2009-08-12 00:02 -------- d-----w- c:\program files\TechSmith

2009-08-12 00:00 . 2009-08-12 00:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-11 15:57 . 2009-08-11 15:57 -------- d-----w- c:\users\Kirk\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-08-11 15:56 . 2009-08-11 15:56 -------- d-----w- c:\program files\Common Files\Adobe AIR

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-09 22:47 . 2009-02-02 23:44 -------- d-----w- c:\programdata\Google Updater

2009-09-09 18:11 . 2008-07-11 04:44 1356 ----a-w- c:\users\Kirk\AppData\Local\d3d9caps.dat

2009-09-09 17:38 . 2008-08-15 21:03 -------- d-----w- c:\users\Kirk\AppData\Roaming\ContentGuard

2009-09-09 08:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-09 08:08 . 2008-07-14 05:40 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-09 08:06 . 2008-10-13 20:46 -------- d-----w- c:\programdata\Microsoft Help

2009-08-20 06:19 . 2008-12-19 10:49 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-08-17 11:05 . 2009-08-04 18:57 -------- d-----w- c:\program files\Live_TV

2009-08-17 11:05 . 2009-08-04 18:57 -------- d-----w- c:\program files\Conduit

2009-08-12 05:40 . 2008-10-13 16:08 -------- d-----w- c:\users\Kirk\AppData\Roaming\GetRightToGo

2009-08-04 19:23 . 2009-08-04 19:23 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-08-04 13:03 . 2009-08-04 13:03 -------- d-----w- c:\program files\Trend Micro

2009-08-04 01:37 . 2009-08-04 01:27 -------- d-----w- c:\programdata\Lavasoft

2009-08-04 01:27 . 2009-08-04 01:27 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}

2009-08-04 01:27 . 2009-08-04 01:27 -------- d-----w- c:\program files\Lavasoft

2009-08-03 23:12 . 2009-03-05 00:07 -------- d-----w- c:\programdata\McAfee

2009-08-03 23:12 . 2009-03-18 00:54 -------- d-----w- c:\program files\Common Files\McAfee

2009-08-03 23:11 . 2009-03-18 00:53 -------- d-----w- c:\program files\McAfee

2009-08-03 19:42 . 2008-08-08 23:12 -------- d-----w- c:\program files\Coupons

2009-07-21 05:21 . 2008-07-31 07:31 172912 ---ha-w- c:\windows\system32\mlfcache.dat

2009-07-20 02:30 . 2009-07-20 02:30 4096 ----a-w- c:\windows\d3dx.dat

2009-07-20 02:27 . 2009-07-20 02:27 552 ----a-w- c:\users\Kirk\AppData\Local\d3d8caps.dat

2009-07-20 02:26 . 2009-02-06 15:23 -------- d-----w- c:\program files\The Price Is Right

2009-07-18 16:06 . 2009-09-06 01:12 827904 ----a-w- c:\windows\system32\wininet.dll

2009-07-18 16:01 . 2009-09-06 01:12 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-07-18 09:46 . 2009-09-06 01:12 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-17 14:35 . 2009-09-06 01:12 71680 ----a-w- c:\windows\system32\atl.dll

2009-07-16 23:36 . 2009-07-16 23:35 3277 ----a-w- C:\awFLEXLM.dat

2009-07-16 04:28 . 2009-07-16 04:28 -------- d-----w- c:\users\Kirk\AppData\Roaming\Autodesk

2009-07-16 03:32 . 2009-07-16 02:37 -------- d-----w- c:\program files\Autodesk

2009-07-16 03:14 . 2009-07-16 02:37 -------- d-----w- c:\program files\Common Files\Alias Shared

2009-07-16 03:12 . 2009-07-16 03:12 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2009-07-03 14:49 . 2009-08-04 01:37 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-07-03 14:49 . 2009-08-04 05:19 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-06-27 18:12 . 2008-07-11 04:45 104248 ----a-w- c:\users\Kirk\AppData\Local\GDIPFONTCACHEV1.DAT

2009-06-15 15:24 . 2009-07-15 10:49 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 15:20 . 2009-07-15 10:49 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 15:20 . 2009-07-15 10:49 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-06-15 12:52 . 2009-07-15 10:49 289792 ----a-w- c:\windows\system32\atmfd.dll

.

 

((((((((((((((((((((((((((((( [email protected]_20.48.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-09 04:56 . 2009-07-11 19:10 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\wlanhlp.dll

+ 2009-09-09 04:56 . 2009-07-11 19:10 65024 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\wlanapi.dll

+ 2008-07-26 15:06 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\gatherWirelessInfo.vbs

+ 2009-09-09 04:56 . 2009-04-11 06:28 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\wlanhlp.dll

+ 2009-09-09 04:56 . 2009-07-11 19:01 65024 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\wlanapi.dll

+ 2008-07-26 15:06 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\gatherWirelessInfo.vbs

+ 2009-09-09 04:56 . 2009-07-11 19:17 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\wlanhlp.dll

+ 2009-09-09 04:56 . 2009-07-11 19:17 64512 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\wlanapi.dll

+ 2008-07-26 15:06 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\gatherWirelessInfo.vbs

+ 2008-07-26 15:09 . 2008-01-19 07:36 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlanhlp.dll

+ 2008-07-26 15:09 . 2008-01-19 07:36 64512 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlanapi.dll

+ 2008-07-26 15:06 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\gatherWirelessInfo.vbs

+ 2009-09-09 04:56 . 2009-07-11 19:24 67584 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\wlanhlp.dll

+ 2009-09-09 04:56 . 2009-07-11 19:24 47104 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\wlanapi.dll

+ 2006-11-02 12:34 . 2006-11-02 12:34 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\gatherWirelessInfo.vbs

+ 2009-09-09 04:56 . 2009-07-11 19:32 67584 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\wlanhlp.dll

+ 2009-09-09 04:56 . 2009-07-11 19:32 47104 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\wlanapi.dll

+ 2006-11-02 12:34 . 2006-11-02 12:34 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\gatherWirelessInfo.vbs

+ 2009-09-09 04:58 . 2009-08-15 21:30 22016 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\netiougc.exe

+ 2009-09-09 04:58 . 2009-08-15 23:56 49152 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\netiomig.dll

+ 2009-09-09 04:58 . 2009-08-14 14:23 22016 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\netiougc.exe

+ 2009-09-09 04:58 . 2009-08-14 16:40 49152 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\netiomig.dll

+ 2009-09-09 04:58 . 2009-08-14 13:52 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\ROUTE.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:52 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\NETSTAT.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:52 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\MRINFO.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:52 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\finger.exe

+ 2009-09-09 04:58 . 2009-08-14 13:52 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\ARP.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:49 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\ROUTE.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:49 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\NETSTAT.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:49 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\MRINFO.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:49 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\finger.exe

+ 2009-09-09 04:58 . 2009-08-14 13:49 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\ARP.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:11 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\ROUTE.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:11 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\NETSTAT.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:11 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\MRINFO.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:11 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\finger.exe

+ 2009-09-09 04:58 . 2009-08-14 14:11 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\ARP.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:16 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\ROUTE.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:16 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\NETSTAT.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:16 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\MRINFO.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:16 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\finger.exe

+ 2009-09-09 04:58 . 2009-08-14 14:16 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\ARP.EXE

+ 2009-09-09 04:58 . 2009-08-15 21:31 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\ROUTE.EXE

+ 2009-09-09 04:58 . 2009-08-15 21:31 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\NETSTAT.EXE

+ 2009-09-09 04:58 . 2009-08-15 21:31 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\MRINFO.EXE

+ 2009-09-09 04:58 . 2009-08-15 21:31 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\finger.exe

+ 2009-09-09 04:58 . 2009-08-15 21:31 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\ARP.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:25 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\ROUTE.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:25 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\NETSTAT.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:25 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\MRINFO.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:25 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\finger.exe

+ 2009-09-09 04:58 . 2009-08-14 14:25 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\ARP.EXE

+ 2009-09-09 04:58 . 2009-08-14 17:01 98376 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\FWPKCLNT.SYS

+ 2009-09-09 04:58 . 2009-08-15 21:29 85504 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\FWPKCLNT.SYS

+ 2009-09-09 04:58 . 2009-08-14 16:00 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\netevent.dll

+ 2009-09-09 04:58 . 2009-08-14 15:53 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\netevent.dll

+ 2009-09-09 04:58 . 2009-08-14 16:24 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\netevent.dll

+ 2009-09-09 04:58 . 2009-08-14 16:29 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\netevent.dll

+ 2009-09-09 04:58 . 2009-08-15 23:56 15360 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\netevent.dll

+ 2009-09-09 04:58 . 2009-08-14 16:40 15360 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\netevent.dll

+ 2009-09-09 04:57 . 2009-06-10 09:53 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\rrinstaller.exe

+ 2009-09-09 04:57 . 2009-06-10 09:54 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\mfps.dll

+ 2009-09-09 04:57 . 2009-06-10 09:53 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\mfpmp.exe

+ 2009-09-09 04:57 . 2009-04-11 06:27 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\rrinstaller.exe

+ 2009-09-09 04:57 . 2009-04-11 06:28 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mfps.dll

+ 2009-09-09 04:57 . 2009-04-11 06:27 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mfpmp.exe

+ 2009-09-09 04:57 . 2009-06-10 10:10 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\rrinstaller.exe

+ 2009-09-09 04:57 . 2009-06-10 11:56 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\mfps.dll

+ 2009-09-09 04:57 . 2009-06-10 10:10 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\mfpmp.exe

+ 2008-07-26 15:08 . 2008-01-19 07:33 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\rrinstaller.exe

+ 2008-07-26 15:08 . 2008-01-19 07:34 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mfps.dll

+ 2008-07-26 15:08 . 2008-01-19 07:33 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mfpmp.exe

+ 2009-09-09 04:57 . 2009-06-10 10:01 52736 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\rrinstaller.exe

+ 2009-09-09 04:57 . 2009-06-10 12:00 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\mfps.dll

+ 2009-09-09 04:57 . 2009-06-10 10:01 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\mfpmp.exe

+ 2009-09-09 04:57 . 2009-06-10 10:14 52736 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\rrinstaller.exe

+ 2009-09-09 04:57 . 2009-06-10 12:07 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\mfps.dll

+ 2009-09-09 04:57 . 2009-06-10 10:15 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\mfpmp.exe

+ 2009-09-09 04:58 . 2009-08-14 13:51 30720 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416\tcpipreg.sys

+ 2009-09-09 04:58 . 2009-08-14 13:48 30720 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5\tcpipreg.sys

+ 2008-07-11 07:21 . 2009-09-09 08:41 47952 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-09-09 18:14 52998 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-07-11 04:46 . 2009-09-09 18:14 14732 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1102098282-1699462974-3711131293-1000_UserData.bin

+ 2006-11-02 13:02 . 2009-09-10 03:25 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2006-11-02 13:02 . 2009-09-08 20:42 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2006-11-02 13:02 . 2009-09-10 03:25 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2006-11-02 13:02 . 2009-09-08 20:42 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-02 13:02 . 2009-09-10 03:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2006-11-02 13:02 . 2009-09-08 20:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-10-13 20:56 . 2009-09-08 08:06 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-10-13 20:56 . 2009-09-08 08:06 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-10-13 20:56 . 2009-09-08 08:06 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-08-12 05:19 . 2009-09-09 08:06 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-08-12 05:19 . 2009-09-08 08:06 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-08-12 05:19 . 2009-09-08 08:06 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-08-12 05:19 . 2009-09-09 08:06 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-08-12 05:19 . 2009-09-09 08:06 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-08-12 05:19 . 2009-09-08 08:06 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-09-09 04:58 . 2009-08-14 13:52 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\TCPSVCS.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:52 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\HOSTNAME.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:49 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\TCPSVCS.EXE

+ 2009-09-09 04:58 . 2009-08-14 13:49 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\HOSTNAME.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:11 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\TCPSVCS.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:11 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\HOSTNAME.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:16 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\TCPSVCS.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:16 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\HOSTNAME.EXE

+ 2009-09-09 04:58 . 2009-08-15 21:31 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\TCPSVCS.EXE

+ 2009-09-09 04:58 . 2009-08-15 21:31 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\HOSTNAME.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:25 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\TCPSVCS.EXE

+ 2009-09-09 04:58 . 2009-08-14 14:25 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\HOSTNAME.EXE

+ 2009-09-09 04:57 . 2009-06-10 09:53 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\mferror.dll

+ 2009-09-09 04:57 . 2009-04-11 04:54 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mferror.dll

+ 2009-09-09 04:57 . 2009-06-10 10:10 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\mferror.dll

+ 2006-11-02 12:35 . 2006-11-02 12:35 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mferror.dll

+ 2009-09-09 04:57 . 2009-06-10 08:43 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\mferror.dll

+ 2009-09-09 04:57 . 2009-06-10 08:50 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\mferror.dll

+ 2009-09-09 08:38 . 2009-09-09 18:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-09-09 08:38 . 2009-09-09 18:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-09 04:56 . 2009-07-11 19:10 513536 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\wlansvc.dll

+ 2009-09-09 04:56 . 2009-07-11 19:10 302592 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\wlansec.dll

+ 2009-09-09 04:56 . 2009-07-11 19:10 293376 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\wlanmsm.dll

+ 2009-09-09 04:56 . 2009-07-11 19:01 513536 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\wlansvc.dll

+ 2009-09-09 04:56 . 2009-07-11 19:01 302592 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\wlansec.dll

+ 2009-09-09 04:56 . 2009-07-11 19:01 293376 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\wlanmsm.dll

+ 2009-09-09 04:56 . 2009-07-11 19:17 513536 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\wlansvc.dll

+ 2009-09-09 04:56 . 2009-07-11 19:17 302592 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\wlansec.dll

+ 2009-09-09 04:56 . 2009-07-11 19:17 293376 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\wlanmsm.dll

+ 2009-09-09 04:56 . 2009-07-11 19:32 513024 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlansvc.dll

+ 2009-09-09 04:56 . 2009-07-11 19:32 302592 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlansec.dll

+ 2009-09-09 04:56 . 2009-07-11 19:32 293376 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlanmsm.dll

+ 2009-09-09 04:56 . 2009-07-11 19:24 502784 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\wlansvc.dll

+ 2009-09-09 04:56 . 2009-07-11 19:24 299520 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\wlansec.dll

+ 2009-09-09 04:56 . 2009-07-11 19:24 289280 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\wlanmsm.dll

+ 2009-09-09 04:56 . 2009-07-11 19:32 502272 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\wlansvc.dll

+ 2009-09-09 04:56 . 2009-07-11 19:32 297984 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\wlansec.dll

+ 2009-09-09 04:56 . 2009-07-11 19:32 290816 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\wlanmsm.dll

+ 2009-09-09 04:58 . 2009-08-15 23:58 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpipcfg.dll

+ 2009-09-09 04:58 . 2009-08-15 21:30 816640 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys

+ 2009-09-09 04:58 . 2009-08-14 16:42 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpipcfg.dll

+ 2009-09-09 04:58 . 2009-08-14 14:24 813568 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys

+ 2009-09-09 04:58 . 2009-08-14 13:51 106496 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\netiohlp.dll

+ 2009-09-09 04:58 . 2009-08-14 13:48 105984 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\netiohlp.dll

+ 2009-09-09 04:58 . 2009-08-14 16:24 105472 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\netiohlp.dll

+ 2009-09-09 04:58 . 2009-08-14 16:29 104960 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\netiohlp.dll

+ 2009-09-09 04:58 . 2009-08-15 23:56 103936 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\netiohlp.dll

+ 2009-09-09 04:58 . 2009-08-14 16:40 103936 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\netiohlp.dll

+ 2009-09-09 04:58 . 2009-08-14 16:33 905784 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

+ 2009-09-09 04:58 . 2009-08-14 16:27 904776 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys

+ 2009-09-09 04:58 . 2009-08-14 17:01 900168 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys

+ 2009-09-09 04:58 . 2009-08-14 17:07 897608 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys

+ 2009-09-09 04:56 . 2009-06-04 12:55 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e\jscript.dll

+ 2009-09-09 04:56 . 2009-06-04 12:07 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d\jscript.dll

+ 2009-09-09 04:56 . 2009-06-04 12:32 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15\jscript.dll

+ 2009-09-09 04:56 . 2009-06-04 12:33 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b\jscript.dll

+ 2009-09-09 04:56 . 2009-06-04 12:28 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473\jscript.dll

+ 2009-09-09 04:56 . 2009-06-04 12:40 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3\jscript.dll

+ 2009-09-09 04:58 . 2009-08-14 16:23 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\IKEEXT.DLL

+ 2009-09-09 04:58 . 2009-08-14 16:22 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\FWPUCLNT.DLL

+ 2009-09-09 04:58 . 2009-08-14 16:21 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\BFE.DLL

+ 2009-09-09 04:58 . 2009-08-15 23:54 416768 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\IKEEXT.DLL

+ 2009-09-09 04:58 . 2009-08-15 23:54 543232 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\FWPUCLNT.DLL

+ 2009-09-09 04:58 . 2009-08-15 23:53 317440 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\BFE.DLL

+ 2009-09-09 04:58 . 2009-08-14 17:01 220232 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78\netio.sys

+ 2009-09-09 04:58 . 2009-08-16 00:32 214104 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7\netio.sys

+ 2009-09-09 04:58 . 2009-08-14 17:16 213592 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b\netio.sys

+ 2009-09-09 04:56 . 2009-07-11 17:07 127488 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d\L2SecHC.dll

+ 2009-09-09 04:56 . 2009-07-11 17:03 127488 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e\L2SecHC.dll

+ 2009-09-09 04:56 . 2009-07-11 19:14 127488 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10\L2SecHC.dll

+ 2009-09-09 04:56 . 2009-07-11 19:29 127488 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701\L2SecHC.dll

+ 2009-09-09 04:56 . 2009-07-11 19:18 124928 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112\L2SecHC.dll

+ 2009-09-09 04:56 . 2009-07-11 19:26 123904 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4\L2SecHC.dll

+ 2009-09-09 04:56 . 2009-07-21 12:27 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06\ehkeyctl.dll

+ 2009-09-09 04:56 . 2009-07-21 12:26 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2\ehkeyctl.dll

+ 2009-09-09 04:56 . 2009-07-22 00:24 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4\ehkeyctl.dll

+ 2009-09-09 04:56 . 2009-07-21 14:45 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e\ehkeyctl.dll

+ 2009-09-09 04:56 . 2009-07-21 14:39 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6\ehkeyctl.dll

+ 2009-09-09 04:56 . 2009-07-21 14:56 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1\ehkeyctl.dll

+ 2009-09-09 04:56 . 2009-06-04 12:33 512000 c:\windows\System32\jscript.dll

- 2008-07-27 12:50 . 2008-05-08 21:59 512000 c:\windows\System32\jscript.dll

- 2008-10-13 20:56 . 2009-09-08 08:06 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe

- 2008-10-13 20:56 . 2009-09-08 08:06 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe

- 2008-10-13 20:56 . 2009-09-08 08:06 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe

- 2008-10-13 20:56 . 2009-09-08 08:06 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe

- 2008-10-13 20:56 . 2009-09-08 08:06 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe

- 2009-08-12 05:19 . 2009-09-08 08:06 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-08-12 05:19 . 2009-09-09 08:06 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-08-12 05:19 . 2009-09-09 08:06 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe

- 2009-08-12 05:19 . 2009-09-08 08:06 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe

- 2009-08-12 05:19 . 2009-09-08 08:06 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe

+ 2009-08-12 05:19 . 2009-09-09 08:06 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe

- 2009-08-12 05:19 . 2009-09-08 08:06 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe

+ 2009-08-12 05:19 . 2009-09-09 08:06 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe

+ 2009-09-09 08:41 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\9-9-2009\ERDNT.EXE

- 2008-07-26 15:09 . 2008-01-19 07:34 171008 c:\windows\ehome\ehkeyctl.dll

+ 2009-09-09 04:56 . 2009-07-21 14:45 171008 c:\windows\ehome\ehkeyctl.dll

+ 2009-09-09 04:57 . 2009-08-10 07:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\OESpamFilter.dat

+ 2009-09-09 04:57 . 2009-08-10 07:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\OESpamFilter.dat

+ 2009-09-09 04:57 . 2009-08-10 07:22 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\OESpamFilter.dat

+ 2009-09-09 04:57 . 2009-08-10 07:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\OESpamFilter.dat

+ 2009-09-09 04:57 . 2009-08-10 07:22 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\OESpamFilter.dat

+ 2009-09-09 04:57 . 2009-08-10 07:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\OESpamFilter.dat

+ 2009-09-09 04:57 . 2009-06-10 11:45 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.22150_none_096c8896ec43f957\WMVCORE.DLL

+ 2009-09-09 04:57 . 2009-06-10 11:41 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.18049_none_08f6be51d31621ab\WMVCORE.DLL

+ 2009-09-09 04:57 . 2009-06-10 11:59 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22447_none_0797e8a0ef0f39a3\WMVCORE.DLL

+ 2009-09-09 04:57 . 2009-06-10 12:11 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18270_none_06e6d825d6103f24\WMVCORE.DLL

+ 2009-09-09 04:57 . 2009-06-10 12:06 2436096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.21065_none_0599dfcaf1fae401\WMVCORE.DLL

+ 2009-09-09 04:57 . 2009-06-10 12:16 2433536 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16868_none_05136bbbd8da5cfa\WMVCORE.DLL

+ 2009-09-09 04:57 . 2009-06-10 11:45 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\mf.dll

+ 2009-09-09 04:57 . 2009-06-10 11:41 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mf.dll

+ 2009-09-09 04:57 . 2009-06-10 11:59 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\mf.dll

+ 2009-09-09 04:57 . 2009-06-10 12:11 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mf.dll

+ 2009-09-09 04:57 . 2009-06-10 12:00 2855424 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\mf.dll

+ 2009-09-09 04:57 . 2009-06-10 12:07 2855424 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\mf.dll

- 2008-12-12 09:47 . 2008-06-23 01:59 2386944 c:\windows\System32\WMVCORE.DLL

+ 2009-09-09 04:57 . 2009-06-10 12:11 2386944 c:\windows\System32\WMVCORE.DLL

+ 2006-11-02 10:22 . 2009-09-09 08:49 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2006-11-02 10:22 . 2009-09-07 20:51 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2006-11-02 12:47 . 2009-09-09 08:39 2684577 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

- 2006-11-02 12:47 . 2009-09-06 08:17 2684577 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

+ 2009-08-18 17:56 . 2009-08-18 17:56 5020672 c:\windows\Installer\25c4bd6.msp

- 2008-10-13 20:56 . 2009-09-08 08:06 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-10-13 20:56 . 2009-09-08 08:06 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-10-13 20:56 . 2009-09-09 08:06 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe

- 2009-08-12 05:19 . 2009-09-08 08:06 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-08-12 05:19 . 2009-09-09 08:06 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-09-09 08:41 . 2009-09-09 08:41 3588096 c:\windows\ERDNT\AutoBackup\9-9-2009\Users000002\UsrClass.dat

+ 2009-09-09 08:41 . 2009-09-09 08:41 4460544 c:\windows\ERDNT\AutoBackup\9-9-2009\Users000001\NTUSER.DAT

+ 2006-11-02 10:24 . 2009-08-28 21:38 24689600 c:\windows\System32\mrt.exe

+ 2009-09-09 08:07 . 2009-09-09 08:07 15709696 c:\windows\Installer\25c4bef.msp

+ 2009-06-04 08:04 . 2009-09-09 08:29 111215593 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2008-07-08 3874886]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"Zune Launcher"="c:\users\Kirk\Downloads\1695.dvb.pc.4.4.3\Zune\ZuneLauncher.exe" [2008-11-10 157312]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-02-02 246272]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-25 198160]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 149280]

 

c:\users\Kirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2008-7-11 338448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{E6B77BCC-89C6-466A-9985-8446164FBFE9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{C2C61E87-73E6-4C7F-8432-813998F6F46E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{BD42AE93-415F-4E1A-BA9E-36C363AB003A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{6EB61C02-E80B-4035-A7DF-EF56EACB465A}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{4FAB8BC1-ADA5-4B47-A3F8-C69C6CC622AA}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{EDB07C8F-B1A2-4C7F-B34F-640B79BAAA79}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{B30CC371-7C9E-48F0-AB4A-140F20358DA4}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{CB829BD1-BC37-41A2-AB22-15718DBE33B4}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{4E6DC5CE-F86D-463D-BE06-D1CDBDE941BC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{D2D5F2E2-4D0E-4388-9BE7-E645DFE1A6A2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{C48E482A-A1F4-43FD-95C7-4954D34F1FF6}c:\\done\\done\\tmd-recruit.5.1\\mirc.exe"= UDP:c:\done\done\tmd-recruit.5.1\mirc.exe:mIRC

"UDP Query User{70D64D7E-0509-4D9F-AF5B-9EAF022E2207}c:\\done\\done\\tmd-recruit.5.1\\mirc.exe"= TCP:c:\done\done\tmd-recruit.5.1\mirc.exe:mIRC

"TCP Query User{B6DC8950-31AF-4945-A892-0E4F0E52DEDA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{E7200DC0-AE53-409E-94AC-2CDB8A32D32B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [8/3/2009 8:37 PM 64160]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]

S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/6/2009 9:10 AM 317440]

S2 gupdate1c98590c9c1b434;Google Update Service (gupdate1c98590c9c1b434);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 6:48 PM 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]

.

Contents of the 'Scheduled Tasks' folder

 

2009-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

 

2009-09-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-02 09:12]

 

2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 23:48]

 

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 23:48]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: electronicarts.com

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: pogo.com

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-09 22:45

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2009-09-10 22:49

ComboFix-quarantined-files.txt 2009-09-10 03:48

ComboFix2.txt 2009-09-08 20:56

ComboFix3.txt 2009-09-05 23:25

 

Pre-Run: 13,136,216,064 bytes free

Post-Run: 13,100,093,440 bytes free

 

450 --- E O F --- 2009-09-09 08:29

Upload was successful

"I'll let you know how the system runs after I run CCleaner and JkDefrag"

Are you using CCleaner to clean the registry? It's not recommended. I'm personally against registry cleaners since it's easy to cause more damage than benefit from them.


Blade,

I've read in posts that you helped others with what you had said about you not liking/recommending the use of registry cleaners. When I went to the JkDefrag site (Program is now known as MyDefrag), the first tip they show is the use of either Windows Disk Cleanup, or the use of freeware CCleaner. I used it as recommended to clean up old junk. I did not let it clean the registry. I then followed their other tips about changing the virtual memory before the Defrag, and letting the Defrag run in Safe Mode (BTW Slow Optimization in Safe Mode w/200GB HD......50hrs! :huh: ). I didn't use the tips about moving the swap file because I was afraid I might screw it up.

The system seems marginally better. When we get done with everything else, I'll upgrade to the new IE8 to see if it helps.

 

I await your next command Master! :)


Hi,

 

"I used it as recommended to clean up old junk. I did not let it clean the registry."

Ok. Just wanted to ask since CCleaner offers a registry cleaning option too :) This might be a good moment to see if IE8 improves the system.


Blade,

Sorry for the delay in replying. I really do appreciate all you've done so far :( . I've been fighting trying to get IE8 on my system. It kept hanging up and rebooting a couple times. I finally decided to check for Windows updates. It had installed some automatically the other night. It then said I needed to install SP2. Every time I tried to run it through the browser, it gave me errors, so I downloaded it as a standalone. I kept getting error code 0x80070490, error: ERROR_NOT_FOUND. It said element not found. I went to Windows Knowledge Base and it suggested running Windows Update Standalone Installer. I downloaded it, ran it, and it did the same thing, so I went to Knowledge Base and searched for the error and found the problem.

 

"This issue may occur if there is corruption in the Component Based Servicing (CBS) manifest."

 

"To resolve this issue, you must perform a repair installation of Windows Vista or Windows Server 2008. Performing a repair installation will restore the current Windows installation to the version of the installation DVD. This also requires the installation of all updates that are not included on the installation DVD."

 

I'm going to be away from my PC from tomorrow AM til Next Monday PM so it will all have to wait till I get back.

 

Even though I haven't been able to install IE8, my Yahoo browser is still a bit sluggish, but it is much better than it was.

 

BTW, since I had to upload the css and sccs to virustotal, am I still infected?

 

Thanks for all you do, have a great weekend!!

Kirk


Hi,

 

Do you have Service Pack 1 installed in Vista? Service Pack 2 requires SP1 to be present.

 

"BTW, since I had to upload the css and sccs to virustotal, am I still infected?"

Both files were removed by ComboFix :(


Blade,

Sorry for the delay again, I've been trying different things to no avail. I do have SP1 already. I have made sure ad-aware or anything else is turned off when trying to install SP2. I downloaded and ran the KB947821 System Update Readiness Tool (per the troubleshooting page), with and without a reboot before trying to install SP2. I have tried both the run from the website version, and the download then run version standalone of SP2, and had the same error. I deleted the standalone version, and redownloaded it, but I still get the same error as before. I'm stumped :) maybe I have other malware? Thank You for all you have done, you rock! B)

Kirk


Hi Kirk,

 

Looks like you may have to do a repair install. However, before that you may want to post on some general problems forum, like http://forums.techguy.org or http://forums.whatthetech.com for example, to find out if someone has any other ideas. We handle malware issues here only and to me that remaining issue is more like a general issue with Windows.


Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !
