Solved

Will not boot into Safe Mode to remove rest of System Security 2009 virus

Posted on 2009-07-06
Last Modified: 2013-11-22
Hello all,
   I have a computer here that I am trying to fix. It is a Dell Dimension 6310. When it was given to me it had the System Security 2009 virus and it had really messed up the computer. It wouldn't allow you to run EXE files (including the

So thanks to the awesome people here I was able to repair the EXE situation by going into the task manager and doing "Run New Task" while holding down the CTRL key, which let me go to the command prompt and run Malwarebytes. The first time it got to run the program it found a bunch of viruses and trojans. I let it remove them, rebooted the machine, ran the program again, did the same, let it remove them and rebooted the machine. So it's been able to run Malwarebytes and other EXE files.

Malwarebytes seems to always find the same 9 issues each time now. What I understand is that I have to run Malwarebytes from safemode in order to get it to solve these issues. The problem is this computer will not allow you to boot into safe mode anymore.
When you try to go into safemode it gives you a blue screen of death. It tells you to try running Chkdsk /f (which I have done) and gives the following error..

0x0000007b (0xf8a9b5254,0xc0000034,0x00000000,0x00000000)

So I can not get into safe mode to finish cleaning up this issue with Malwarebytes.

I can only assume that this is due to the fact that System Security 2009 virus messed up a bunch of stuff that Malwarebytes couldn't fix. Things like the Registry issues (that I had to solve using the UnHookExec.inf fix that I also got from here).

I have not installed or run other programs yet as I would like to get the opinions of the awesome people here first.

I understand the computer ran just fine before this virus hit so I don't THINK it's a hardware issue (although who knows!)..

Any tips?

Thanks a bunch!


Question by:cEris
11 Comments
 

Expert Comment

by:occredit
Hi cEris,

We came across this many times, so don't waste your time and effort trying to repair this PC. I truly recommend you backup the critical files on the hard drive and do a complete Dell system restore. This way, you know the virus\spyware is completely removed.

If you are lucky, some Dell models have the Control + F11 system restore feature.

http://www.ehow.com/how_2184092_perform-dell-system-restore.html
 

Author Comment

by:cEris
Heya Occredit,

   Thanks for the tip. Yeah, I have to agree with you in that honestly this is a situation where the easiest (and best way to make sure it is 100% clean) is to do a reinstall. It may end up that it comes to that.

This particular computer has a bunch of work related stuff installed on it that will be VERY time consuming and difficult to re-install. If worst comes to worse that's what we'll end up doing, but for the time being I have to have hopes that there can be a solution to the issues at hand.

AS AN UPDATE:

When I do a Malwarebytes scan the specific issues it finds are

Worm.Archive  c:\windows\fonts\services.exe
Worm.Archive  Memory Archive  c:\Windows\fonts\services.exe
hijack.system.hidden  registry data  HKEY_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall\checkedvalue
hijacked.batfile  hkey_classes_root\.bat\(default)    Bad:(csfile) Good(batfile)
hijacked.comfile  hkey_classes_root\.com\(default)  Bad:(csfile) Good(comfile)
hijacked.exefile  hkey_classes_root\.exe\(default)    Bad: (csfile) Good(exefile)

Anyway, I agree about just restoring the Dell to its default, and if worse comes to worse that's what I'll end up doing.. But right now I don't mind spending the time and effort to clean this stuff up.. I will be going through and cleaning up each item one at a time and see what I can do. I've seen most of these problems before just not all at once and I know that it really matters what order things are done in cases like this so I was looking for some advice from others who have solved this issue..

My next steps are to go through and clean up each section of the registry based on the issues found. I just can't imagine that there have been no solutions other than Reinstalling. I've seen some amazing things pulled off by the kick butt experts around here!

I am going to keep working on this issue, and I will keep this updated. If I end up getting it all cleaned up perhaps this will help the next person who runs across the same thing :)

Oh and here is the logfile from Malwarebytes..

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

7/6/2009 7:32:06 PM
mbam-log-2009-07-06 (19-31-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 136099
Time elapsed: 17 minute(s), 57 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> No action taken.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> No action taken.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.
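
An added example, not part of the original thread and not Malwarebytes' own code: a small Python parser for the log format quoted in the post above. It lists the findings still marked "No action taken", the hijacked file-association defaults with their expected values, and any path flagged both as a running process and as a file on disk. The sample text is constructed from the log lines above, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: section bodies copied from the log in the post above.
# Two summary counters and an empty section are kept to show they are skipped.
SAMPLE_LOG = r"""
Registry Data Items Infected: 4
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> No action taken.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> No action taken.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> No action taken.

Files Infected:
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.
"""

# "Files Infected:" opens a section; "Files Infected: 1" is a counter and is ignored.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")

# <target> (<detection>) [-> Bad: (<bad>) Good: (<good>)] -> <action>.
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[A-Za-z0-9_.]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)

# Default value of an extension key under HKEY_CLASSES_ROOT.
ASSOC_RE = re.compile(r"^HKEY_CLASSES_ROOT\\(?P<ext>\.[^\\]+)\\\(default\)$", re.I)


@dataclass
class Finding:
    section: str
    target: str
    detection: str
    bad: Optional[str]
    good: Optional[str]
    action: str


def parse_log(text: str) -> List[Finding]:
    """Return one Finding per detection line, tagged with its section."""
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM_RE.match(line)
        if section and item:
            findings.append(Finding(section, **item.groupdict()))
    return findings


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Findings the scanner reported but did not change."""
    return [f for f in findings if f.action.lower().startswith("no action")]


def hijacked_associations(findings: List[Finding]) -> Dict[str, Tuple[str, str]]:
    """Map extension -> (current value, expected value) for HKCR defaults."""
    result: Dict[str, Tuple[str, str]] = {}
    for f in findings:
        m = ASSOC_RE.match(f.target)
        if m and f.bad is not None and f.good is not None:
            result[m.group("ext").lower()] = (f.bad, f.good)
    return result


def running_and_on_disk(findings: List[Finding]) -> List[str]:
    """Paths flagged both as a live process and as a file (case-insensitive)."""
    mem = {f.target.lower() for f in findings if f.section == "Memory Processes Infected"}
    disk = {f.target.lower() for f in findings if f.section == "Files Infected"}
    return sorted(mem & disk)


if __name__ == "__main__":
    items = parse_log(SAMPLE_LOG)
    print(f"{len(unresolved(items))} of {len(items)} findings had no action taken")
    for ext, (bad, good) in hijacked_associations(items).items():
        print(f"{ext}: default is '{bad}', expected '{good}'")
    for path in running_and_on_disk(items):
        print(f"still running from disk: {path}")
```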
 

Expert Comment

by:rpggamergirl
MalwareBytes is designed to run in normal mode so safe mode is not really necessary unless the pc only boots in safe mode. Combofix will also try and repair safeboot key.

Use ComboFix and show us the log please, it's important that we see the logfile as bad files can still show up there which we need to use a script to delete them.

Download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run re-download but rename before saving to your desktop)

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Author Comment

by:cEris
Heya there rpggamergirl,

I hadn't heard of Combofix before. What a snazzy program. I hope this log gives a better insight to the problem..
Thanks for the advice!

ComboFix 09-07-06.02 - Tom Cosat 07/07/2009  0:49.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.502.287 [GMT -5:00]
Running from: c:\documents and settings\Tom Cosat\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_DRV
-------\Legacy_MSNCACHE
-------\Legacy_PCMSTUB
-------\Legacy_SOPIDKC
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_drv
-------\Service_pcmstub


(((((((((((((((((((((((((   Files Created from 2009-06-07 to 2009-07-07  )))))))))))))))))))))))))))))))
.

2009-07-07 00:41 . 2009-07-07 05:24      --------      d-----w-      c:\program files\Spybot - Search & Destroy
2009-07-07 00:41 . 2009-07-07 05:23      --------      d-----w-      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 21:13 . 2009-07-06 21:13      --------      d-----w-      c:\documents and settings\Tom Cosat\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27      38160      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 21:13 . 2009-07-06 21:13      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2009-07-06 21:13 . 2009-07-06 21:13      --------      d-----w-      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27      19096      ----a-w-      c:\windows\system32\drivers\mbam.sys
2009-07-04 23:41 . 2009-07-04 23:43      --------      d-----w-      c:\program files\Windows Live Safety Center
2009-07-04 17:39 . 2009-07-04 17:40      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-04 16:09 . 2009-07-04 16:09      --------      d-----w-      c:\windows\LMIA.tmp
2009-07-04 16:09 . 2009-07-04 16:09      --------      d-----w-      c:\windows\LMI9.tmp
2009-07-04 15:48 . 2009-07-04 15:48      --------      d-----w-      c:\windows\system32\MpEngineStore
2009-07-04 15:47 . 2009-07-04 15:47      --------      d-----w-      C:\2dea2e97758a8ce4bbf4ecf03635
2009-07-04 15:46 . 2009-07-04 15:46      --------      d-----w-      c:\windows\LMI8.tmp
2009-07-04 15:44 . 2009-07-04 15:44      --------      d-----w-      c:\windows\LMI7.tmp
2009-07-04 15:14 . 2009-07-06 21:25      --------      d-----w-      c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-04 15:09 . 2009-07-04 15:16      --------      d-----w-      c:\windows\LMI2C.tmp
2009-07-04 11:15 . 2009-07-04 11:15      --------      d-----w-      C:\_828453_
2009-07-04 00:01 . 2009-07-04 00:01      214      ----a-w-      c:\windows\567788.bat
2009-07-03 10:33 . 2009-07-03 10:33      --------      d-----w-      c:\program files\drv
2009-07-03 10:28 . 2009-07-03 10:28      28672      ----a-w-      C:\fdvjfx.exe
2009-07-03 10:27 . 2009-07-03 10:28      219645      ----a-w-      C:\gklrwl.exe
2009-07-03 10:26 . 2009-07-03 10:27      --------      d-sh--w-      c:\windows\System Volume Information
2009-07-03 10:26 . 1980-08-17 00:00      28160      ----a-w-      C:\tcburi.exe.dat
2009-07-03 10:25 . 2009-07-03 10:26      39424      ----a-w-      C:\tcburi.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 21:24 . 2005-12-03 18:27      --------      d-----w-      c:\program files\Dl_cats
2009-07-04 18:02 . 2005-12-03 21:04      4184      --sha-w-      c:\windows\system32\KGyGaAvL.sys
2009-07-04 18:02 . 2005-12-03 21:04      104      --sh--r-      c:\windows\system32\3D9C5D6373.sys
2009-07-04 11:24 . 2009-07-03 10:35      4      ---h--w-      c:\windows\Fonts\mlog
2009-05-07 15:44 . 2005-08-16 10:18      344064      ----a-w-      c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2005-08-16 10:18      668160      ----a-w-      c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2005-08-16 10:18      81920      ----a-w-      c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2005-08-16 10:18      1846656      ----a-w-      c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-08-16 10:18      584192      ----a-w-      c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-10 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2008-11-22 6144]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R1 drvdrv;drvdrv;c:\program files\drv\drv.sys [7/3/2009 5:33 AM 9344]
S1 wnowuxog;wnowuxog;\??\c:\windows\system32\drivers\wnowuxog.sys --> c:\windows\system32\drivers\wnowuxog.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv      REG_MULTI_SZ         drv
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mediacomtoday.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 00:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-07-07  1:00 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-07 06:00

Pre-Run: 62,457,442,304 bytes free
Post-Run: 62,367,428,608 bytes free

926      --- E O F ---      2009-07-07 02:23
0
 
LVL 47

Expert Comment

by:rpggamergirl
Combofix deleted a lot of bad files there!

Run combofix again using this script.
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\windows\567788.bat
C:\tcburi.exe.dat
C:\tcburi.exe
c:\windows\system32\drivers\wnowuxog.sys

Folder::
c:\program files\drv
C:\_828453_

DirLook::
c:\windows\System Volume Information
c:\windows\Fonts\mlog
c:\windows\LMIA.tmp
c:\windows\LMI2C.tmp

Driver::
wnowuxog
drvdrv
drv

Registry::
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
"drv"=-
------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
0
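A triage sketch for the "Files Created" section of a ComboFix log like the ones posted in this thread, added here as an example; it is not part of any post and not ComboFix's own logic. The column reading (created . modified, size, attributes, path) and the three heuristics are assumptions, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Sample lines copied from the "Files Created" section of the log posted above.
SAMPLE_LOG = r"""
2009-07-06 21:13 . 2009-06-17 16:27      19096      ----a-w-      c:\windows\system32\drivers\mbam.sys
2009-07-04 00:01 . 2009-07-04 00:01      214      ----a-w-      c:\windows\567788.bat
2009-07-03 10:33 . 2009-07-03 10:33      --------      d-----w-      c:\program files\drv
2009-07-03 10:28 . 2009-07-03 10:28      28672      ----a-w-      C:\fdvjfx.exe
2009-07-03 10:26 . 2009-07-03 10:27      --------      d-sh--w-      c:\windows\System Volume Information
2009-07-03 10:26 . 1980-08-17 00:00      28160      ----a-w-      C:\tcburi.exe.dat
2009-07-03 10:25 . 2009-07-03 10:26      39424      ----a-w-      C:\tcburi.exe
"""

# Assumed column layout: "<created> . <modified>  <size|-------->  <attrs>  <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-{8})\s+([a-z-]{8})\s+(\S.*)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"

RUNNABLE = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
SCRIPTS = {".bat", ".cmd"}

# Heuristic labels (all three rules are assumptions made for this example).
ROOT_RUNNABLE = "runnable file directly in drive root"
WINDIR_SCRIPT = "script directly in c:\\windows"
OLD_MTIME = "modified time before 1990"
SVI_MISPLACED = "'System Volume Information' outside drive root"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_log(text: str) -> List[Entry]:
    """Parse every line that matches the assumed layout; skip everything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, TS_FORMAT),
            modified=datetime.strptime(modified, TS_FORMAT),
            size=int(size) if size.isdigit() else None,
            attrs=attrs,
            path=PureWindowsPath(path.strip()),
        ))
    return entries


def triage(e: Entry) -> List[str]:
    """Return the reasons an entry deserves a manual look (empty list = none)."""
    reasons = []
    in_root = len(e.path.parts) == 2          # ('C:\\', 'name')
    suffix = e.path.suffix.lower()
    if not e.is_dir and in_root and suffix in RUNNABLE:
        reasons.append(ROOT_RUNNABLE)
    if not e.is_dir and suffix in SCRIPTS and str(e.path.parent).lower() == r"c:\windows":
        reasons.append(WINDIR_SCRIPT)
    if e.modified.year < 1990:                # predates the OS; timestamp was set artificially
        reasons.append(OLD_MTIME)
    if e.is_dir and e.path.name.lower() == "system volume information" and not in_root:
        reasons.append(SVI_MISPLACED)
    return reasons


def flag_log(text: str) -> List[Tuple[str, List[str]]]:
    """Parse a log and return (path, reasons) for every entry with a finding."""
    findings = []
    for entry in parse_log(text):
        reasons = triage(entry)
        if reasons:
            findings.append((str(entry.path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in flag_log(SAMPLE_LOG):
        print(f"{path}: {'; '.join(reasons)}")
```

`c:\program files\drv`, which the CFScript above also lists, passes these heuristics unflagged, so the output narrows a manual review of the log rather than replacing it.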

Author Comment

by:cEris
Thanks a bunch, rpggamergirl! That worked like a charm. It cleaned up the malware. I've run Spybot a few times and ComboFix again, and everything looks clean. Thank you very much!

That said, there is still a very odd problem. I cannot access Internet Explorer anymore. This is something that started (among so many other things) when the System Security spyware struck the computer, but I cannot undo it. I've gone through the steps to make sure the user has ownership of both the program iexplorer and the folder c:/programfiles/internetexplorer.

I installed Firefox. The problem with Internet Explorer not working is that now updates will not work either. I tried to uninstall Explorer and reinstall, but when I try installing IE7 or IE8 it gets to the end of the whole install process and says the update was not successful. Which is what happens when I try to update the system.

Any ideas as to why this one program is still giving trouble? Any way to gain permission to use it?
Oh right, that's the error message, the "Windows can not access the specific device, path, or file. You may not have permission to access the item."

The permissions are set to Full Control for everyone, and the owner is set to the user (the same problem also occurs when administrator is owner).

Thanks so much again for the expert advice to solve the Malware issue!



ComboFix 09-07-06.02 - Tom Cosat 07/08/2009  1:52.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.502.272 [GMT -5:00]
Running from: c:\documents and settings\Tom Cosat\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\9751.msi

.
(((((((((((((((((((((((((   Files Created from 2009-06-08 to 2009-07-08  )))))))))))))))))))))))))))))))
.

2009-07-08 06:35 . 2006-05-25 15:29      22752      ----a-w-      c:\windows\system32\spupdsvc.exe
2009-07-08 06:20 . 2009-07-08 06:20      --------      d-----w-      c:\windows\system32\bits
2009-07-08 06:19 . 2007-03-29 12:56      8192      ------w-      c:\windows\system32\dllcache\bitsprx2.dll
2009-07-08 06:19 . 2007-03-29 12:56      7168      ------w-      c:\windows\system32\dllcache\bitsprx4.dll
2009-07-08 06:19 . 2007-03-29 12:56      7168      ------w-      c:\windows\system32\dllcache\bitsprx3.dll
2009-07-08 06:19 . 2007-03-29 12:56      7168      ------w-      c:\windows\system32\bitsprx4.dll
2009-07-08 06:19 . 2007-03-29 12:56      409600      ------w-      c:\windows\system32\dllcache\qmgr.dll
2009-07-08 06:19 . 2007-03-29 12:56      18944      ------w-      c:\windows\system32\dllcache\qmgrprxy.dll
2009-07-08 05:57 . 2009-07-08 05:57      --------      d-----w-      c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-08 05:30 . 2009-07-08 05:30      --------      d-----w-      c:\documents and settings\Tom Cosat\Local Settings\Application Data\Mozilla
2009-07-08 05:20 . 2009-07-08 05:20      --------      d-----w-      c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-07-08 05:07 . 2009-07-08 05:07      --------      d--h--w-      c:\windows\PIF
2009-07-08 03:14 . 2009-07-08 03:14      --------      d-----w-      c:\program files\VS Revo Group
2009-07-08 00:02 . 2009-07-08 00:03      --------      d-----w-      c:\windows\sd_old
2009-07-07 10:15 . 2009-07-07 10:15      --------      d-----w-      c:\documents and settings\Tom Cosat\Local Settings\Application Data\WMTools Downloaded Files
2009-07-07 09:54 . 2008-02-26 11:59      294912      ------w-      c:\windows\system32\dllcache\msctf.dll
2009-07-07 05:55 . 2004-08-10 11:00      50176      ----a-w-      c:\windows\system32\proquota.exe
2009-07-07 05:55 . 2004-08-10 11:00      50176      ----a-w-      c:\windows\system32\dllcache\proquota.exe
2009-07-07 00:41 . 2009-07-07 10:00      --------      d-----w-      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 00:41 . 2009-07-07 09:41      --------      d-----w-      c:\program files\Spybot - Search & Destroy
2009-07-06 21:13 . 2009-07-06 21:13      --------      d-----w-      c:\documents and settings\Tom Cosat\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-07-06 21:13      --------      d-----w-      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-04 23:41 . 2009-07-04 23:43      --------      d-----w-      c:\program files\Windows Live Safety Center
2009-07-04 17:39 . 2009-07-04 17:40      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-04 16:09 . 2009-07-04 16:09      --------      d-----w-      c:\windows\LMIA.tmp
2009-07-04 16:09 . 2009-07-04 16:09      --------      d-----w-      c:\windows\LMI9.tmp
2009-07-04 15:48 . 2009-07-04 15:48      --------      d-----w-      c:\windows\system32\MpEngineStore
2009-07-04 15:47 . 2009-07-04 15:47      --------      d-----w-      C:\2dea2e97758a8ce4bbf4ecf03635
2009-07-04 15:46 . 2009-07-04 15:46      --------      d-----w-      c:\windows\LMI8.tmp
2009-07-04 15:44 . 2009-07-04 15:44      --------      d-----w-      c:\windows\LMI7.tmp
2009-07-04 15:14 . 2009-07-06 21:25      --------      d-----w-      c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-04 15:09 . 2009-07-04 15:16      --------      d-----w-      c:\windows\LMI2C.tmp
2009-07-03 10:26 . 2009-07-03 10:27      --------      d-sh--w-      c:\windows\System Volume Information

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 06:25 . 2005-12-03 21:04      61928      ----a-w-      c:\documents and settings\Tom Cosat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 21:24 . 2005-12-03 18:27      --------      d-----w-      c:\program files\Dl_cats
2009-07-04 18:02 . 2005-12-03 21:04      4184      --sha-w-      c:\windows\system32\KGyGaAvL.sys
2009-07-04 18:02 . 2005-12-03 21:04      104      --sh--r-      c:\windows\system32\3D9C5D6373.sys
2009-07-04 11:24 . 2009-07-03 10:35      4      ---ha-w-      c:\windows\Fonts\mlog
2009-05-07 15:44 . 2005-08-16 10:18      344064      ----a-w-      c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2005-08-16 10:18      668160      ----a-w-      c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2005-08-16 10:18      81920      ----a-w-      c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2005-08-16 10:18      1846656      ----a-w-      c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-08-16 10:18      584192      ----a-w-      c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-07-07_05.57.17   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-02 09:00 . 2007-02-02 09:00      9464              c:\windows\system32\drivers\cdralw2k.sys
- 2007-02-02 09:00 . 2007-02-02 09:00      9336              c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-02-02 08:00 . 2007-02-02 08:00      9336              c:\windows\system32\drivers\cdr4_xp.sys
+ 2005-08-16 10:40 . 2007-03-29 12:56      7168              c:\windows\system32\bitsprx3.dll
- 2005-08-16 10:40 . 2004-08-10 11:00      7168              c:\windows\system32\bitsprx3.dll
+ 2005-08-16 10:40 . 2007-03-29 12:56      8192              c:\windows\system32\bitsprx2.dll
- 2005-08-16 10:40 . 2004-08-10 11:00      8192              c:\windows\system32\bitsprx2.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      7680              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      9216              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      7168              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29      5632              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      5632              c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      8192              c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      9728              c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28      9216              c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      4608              c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28      8192              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      4608              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      7680              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      7680              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      7680              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      7680              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      5632              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      114176              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2005-09-23 03:48 . 2005-09-23 03:48      626688              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 03:48 . 2005-09-23 03:48      548864              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 03:48 . 2005-09-23 03:48      479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2009-01-07 23:21 . 2009-01-07 23:21      121856              c:\windows\system32\xmllite.dll
+ 2005-08-16 10:40 . 2007-03-29 12:56      409600              c:\windows\system32\qmgr.dll
+ 2007-07-05 22:55 . 2007-07-05 22:55      158192              c:\windows\system32\pxwma.dll
+ 2007-07-05 22:55 . 2007-07-05 22:55      379376              c:\windows\system32\PxWave.dll
+ 2007-07-05 22:55 . 2007-07-05 22:55      186864              c:\windows\system32\PxMas.dll
+ 2008-02-13 22:16 . 2008-02-13 22:16      121328              c:\windows\system32\pxinsi64.exe
+ 2007-06-07 06:02 . 2007-06-07 06:02      535288              c:\windows\system32\pxdrv.dll
+ 2008-02-13 22:17 . 2008-02-13 22:17      120304              c:\windows\system32\pxcpyi64.exe
+ 2007-07-05 22:55 . 2007-07-05 22:55      567792              c:\windows\system32\Px.dll
+ 2005-08-16 10:18 . 2009-07-08 06:18      402406              c:\windows\system32\perfh009.dat
+ 2008-10-16 19:07 . 2008-10-16 19:07      208744              c:\windows\system32\muweb.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20      265720              c:\windows\system32\msdbg2.dll
+ 2005-08-16 10:18 . 2008-02-26 11:59      294912              c:\windows\system32\msctf.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      150016              c:\windows\system32\mscorier.dll
+ 2005-08-16 10:27 . 2009-07-08 06:23      234368              c:\windows\system32\FNTCACHE.DAT
+ 2009-07-08 06:19 . 2007-03-29 12:56      409600              c:\windows\system32\bits\qmgr.dll
+ 2009-07-08 00:13 . 2008-07-09 07:38      382840              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\update\updspapi.dll
+ 2009-07-08 00:13 . 2007-11-30 12:39      755576              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe
+ 2009-07-08 00:13 . 2007-11-30 12:39      231288              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\spuninst.exe
+ 2009-07-08 00:13 . 2009-05-13 05:10      915456              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      246272              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\ieproxy.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      385536              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\iedkcs32.dll
+ 2009-07-08 00:13 . 2009-04-30 10:47      173056              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\ie4uinit.exe
+ 2009-07-08 00:13 . 2009-05-13 05:15      915456              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      246272              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\ieproxy.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      385536              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\iedkcs32.dll
+ 2009-07-08 00:13 . 2009-04-30 11:21      173056              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\ie4uinit.exe
+ 2009-07-08 00:13 . 2008-07-08 13:02      382840              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\update\updspapi.dll
+ 2009-07-08 00:13 . 2008-07-08 13:02      755576              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\update\update.exe
+ 2009-07-08 00:13 . 2008-07-08 13:02      231288              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\spuninst.exe
+ 2009-07-08 00:13 . 2009-06-02 08:21      102912              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\SP3QFE\iecompat.dll
+ 2009-07-08 00:13 . 2009-06-02 10:12      102912              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\SP3GDR\iecompat.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      298496              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      823296              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      835584              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      260096              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      114688              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      131072              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      299008              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      368640              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      114176              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      700416              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      188416              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      397312              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      884736              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      716800              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      482304              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      389120              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      110592              c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      377344              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      107520              c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      136192              c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      226816              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29      330752              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      102400              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      326144              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      288768              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      800768              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29      667648              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29      372736              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29      110592              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      745472              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      647168              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      413696              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 12:57 . 2005-09-23 12:57      245408              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 12:01 . 2005-09-23 12:01      609472              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28      224952              c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28      788992              c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29      547840              c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      106496              c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28      503808              c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      106496              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28      138240              c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      208896              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29      183808              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      136192              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2009-07-08 06:11 . 2009-07-08 06:11      301056              c:\windows\Installer\c602.msi
+ 2009-07-08 06:20 . 2009-07-08 06:20      684032              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a9dda62650c90c4b8775054149fe7c3c\System.Transactions.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20      729088              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\d2600b765323a344889a69e12fbc4ce0\System.Security.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20      294912              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f24ab4f86a1161479831b34fc62e1171\System.EnterpriseServices.Wrapper.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20      659456              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f24ab4f86a1161479831b34fc62e1171\System.EnterpriseServices.ni.dll
+ 2009-07-08 06:17 . 2009-07-08 06:17      229376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\545500050c541645b396ac7ed8fdd4d7\System.Drawing.Design.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20      512000              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\495ffd83325b8741b934669e2b6368ae\System.DirectoryServices.Protocols.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20      962560              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\22fa67bf8980f14ba6109232a59b74d0\System.Configuration.ni.dll
+ 2009-07-08 06:19 . 2009-07-08 06:19      163840              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6f8804a4dd25914399253ce4d6a826a3\Microsoft.Build.Utilities.ni.dll
+ 2009-07-08 06:19 . 2009-07-08 06:19      880640              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\09aca30462cae54fa03219859a0f89c2\Microsoft.Build.Engine.ni.dll
+ 2009-07-08 06:19 . 2009-07-08 06:19      237568              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\192082f83078364080745828e07397a0\CustomMarshalers.ni.dll
+ 2009-07-08 06:19 . 2009-07-08 06:19      860160              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\32986018bb38f74987637a756e4509e1\AspNetMMCExt.ni.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      823296              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      299008              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      368640              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      700416              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      397312              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      884736              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      716800              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      389120              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      667648              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      745472              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      647168              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      413696              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      503808              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      260096              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      114176              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-07-08 06:15 . 2009-07-08 06:15      258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      482304              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-07-05 22:55 . 2007-07-05 22:55      1649136              c:\windows\system32\PxSFS.DLL
+ 2008-03-20 23:06 . 2008-03-20 23:06      1480232              c:\windows\system32\LegitCheckControl.dll
+ 2008-04-25 01:18 . 2008-04-25 01:18      3030568              c:\windows\sd_old\Download\9866fb57abdc0ea2f5d4e132d055ba4e\WindowsXP-KB936929-SP3-Express-x86-ENU.exe
+ 2009-07-08 00:13 . 2009-04-30 21:22      1207808              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\urlmon.dll
+ 2009-07-08 00:13 . 2009-05-13 05:10      5936128              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      1985024              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\iertutil.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      1207808              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\urlmon.dll
+ 2009-07-08 00:13 . 2009-05-13 05:15      5936128              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      1985024              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\iertutil.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      1306624              c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 12:29 . 2005-09-23 12:29      1140920              c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 12:28 . 2005-09-23 12:28      2035712              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      5316608              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      3018752              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      5050368              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      2878976              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      5615616              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      4308992              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 12:28 . 2005-09-23 12:28      1144832              c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      2109440              c:\windows\Installer\c618.msi
+ 2009-07-08 06:17 . 2009-07-08 06:17      8093696              c:\windows\assembly\NativeImages_v2.0.50727_32\System\714c48067ee222458120d58d113003e0\System.ni.dll
+ 2009-07-08 06:17 . 2009-07-08 06:17      5640192              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cdd57b6c4303dd428e8bb6c4207dc276\System.Xml.ni.dll
+ 2009-07-08 06:17 . 2009-07-08 06:17      1626112              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\01d38bf87e122c43ab6acef35e30e9d6\System.Drawing.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20      1220608              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a48747ab5114914c8d276c436e8b1598\System.DirectoryServices.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20      1716224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f3278ee4fa329a4b9161c0faa2b01a2b\System.Deployment.ni.dll
+ 2009-07-08 06:17 . 2009-07-08 06:17      6688768              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\a8bed433d2cdaa4a81b7890318e93b7e\System.Data.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20      1724416              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bb5a6e1a3d077c4b9a640df54a22b1d7\Microsoft.VisualBasic.ni.dll
+ 2009-07-08 06:19 . 2009-07-08 06:19      1691648              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\18dfb9f03c30e647901a30406a91e6b5\Microsoft.Build.Tasks.ni.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      3018752              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      2035712              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      5316608              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      5050368              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      5025792              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      2878976              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      4308992              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-07-08 00:19 . 2009-03-24 05:48      16883056              c:\windows\sd_old\Download\Install\IE8-WindowsXP-x86-ENU.exe
+ 2009-05-01 20:22 . 2009-05-01 20:22      11064832              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\ieframe.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      11064832              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\ieframe.dll
+ 2005-09-23 12:48 . 2005-09-23 12:48      24863744              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2009-07-08 06:17 . 2009-07-08 06:17      13107200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a43252cfc873ed41be69738ca23ef383\System.Windows.Forms.ni.dll
+ 2009-07-08 06:20 . 2009-07-08 06:20      11808768              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1e6c77ee23f553459738fdf1f336e0b4\System.Web.ni.dll
+ 2009-07-08 06:18 . 2009-07-08 06:18      10723328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a95f7f060a1c7040a5cae4c8ebac256c\System.Design.ni.dll
+ 2009-07-08 06:16 . 2009-07-08 06:16      11415552              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\242754ae15b34b41a2064b887bb78bbb\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-10 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2008-11-22 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
FF - ProfilePath - c:\documents and settings\Tom Cosat\Application Data\Mozilla\Firefox\Profiles\7vd1twml.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 01:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2009-07-08  1:59
ComboFix-quarantined-files.txt  2009-07-08 06:59
ComboFix2.txt  2009-07-08 04:47
ComboFix3.txt  2009-07-08 04:40
ComboFix4.txt  2009-07-07 09:20
ComboFix5.txt  2009-07-08 06:51

Pre-Run: 60,646,686,720 bytes free
Post-Run: 60,655,616,000 bytes free

503      --- E O F ---      2009-07-08 06:09
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
Can you please let me look at the result of the script?
The above logfile that you posted is not from running the script; that's from Combofix's 6th or 7th run.... I just wanted to look at the result for the folders that I input in the "DirLook" section of the script, Combofix's second run.

All the previous Combofix logs are located in C:\Qoobox

Can you also run DrWebCureIt?
http://www.freedrweb.com/

OR Kaspersky online scan (save the report)
http://www.kaspersky.com/virusscanner

Author Comment

by:cEris
O.K. I just ran Dr Web Cureit and it did find a few more things that it cleaned up.

And here is the 2nd log file...

I can't thank you enough for this help!

ComboFix 09-07-06.02 - Tom Cosat 07/07/2009 23:42.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.502.253 [GMT -5:00]
Running from: c:\documents and settings\Tom Cosat\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2009-06-08 to 2009-07-08  )))))))))))))))))))))))))))))))
.

2009-07-08 03:14 . 2009-07-08 03:14      --------      d-----w-      c:\program files\VS Revo Group
2009-07-08 00:02 . 2009-07-08 00:03      --------      d-----w-      c:\windows\sd_old
2009-07-07 10:15 . 2009-07-07 10:15      --------      d-----w-      c:\documents and settings\Tom Cosat\Local Settings\Application Data\WMTools Downloaded Files
2009-07-07 09:54 . 2008-02-26 11:59      294912      ------w-      c:\windows\system32\dllcache\msctf.dll
2009-07-07 05:55 . 2004-08-10 11:00      50176      ----a-w-      c:\windows\system32\proquota.exe
2009-07-07 05:55 . 2004-08-10 11:00      50176      ----a-w-      c:\windows\system32\dllcache\proquota.exe
2009-07-07 00:41 . 2009-07-07 10:00      --------      d-----w-      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 00:41 . 2009-07-07 09:41      --------      d-----w-      c:\program files\Spybot - Search & Destroy
2009-07-06 21:13 . 2009-07-06 21:13      --------      d-----w-      c:\documents and settings\Tom Cosat\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27      38160      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 21:13 . 2009-07-06 21:13      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2009-07-06 21:13 . 2009-07-06 21:13      --------      d-----w-      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 21:13 . 2009-06-17 16:27      19096      ----a-w-      c:\windows\system32\drivers\mbam.sys
2009-07-04 23:41 . 2009-07-04 23:43      --------      d-----w-      c:\program files\Windows Live Safety Center
2009-07-04 17:39 . 2009-07-04 17:40      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-04 16:09 . 2009-07-04 16:09      --------      d-----w-      c:\windows\LMIA.tmp
2009-07-04 16:09 . 2009-07-04 16:09      --------      d-----w-      c:\windows\LMI9.tmp
2009-07-04 15:48 . 2009-07-04 15:48      --------      d-----w-      c:\windows\system32\MpEngineStore
2009-07-04 15:47 . 2009-07-04 15:47      --------      d-----w-      C:\2dea2e97758a8ce4bbf4ecf03635
2009-07-04 15:46 . 2009-07-04 15:46      --------      d-----w-      c:\windows\LMI8.tmp
2009-07-04 15:44 . 2009-07-04 15:44      --------      d-----w-      c:\windows\LMI7.tmp
2009-07-04 15:14 . 2009-07-06 21:25      --------      d-----w-      c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-04 15:09 . 2009-07-04 15:16      --------      d-----w-      c:\windows\LMI2C.tmp
2009-07-03 10:26 . 2009-07-03 10:27      --------      d-sh--w-      c:\windows\System Volume Information

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 21:24 . 2005-12-03 18:27      --------      d-----w-      c:\program files\Dl_cats
2009-07-04 18:02 . 2005-12-03 21:04      4184      --sha-w-      c:\windows\system32\KGyGaAvL.sys
2009-07-04 18:02 . 2005-12-03 21:04      104      --sh--r-      c:\windows\system32\3D9C5D6373.sys
2009-07-04 11:24 . 2009-07-03 10:35      4      ---h--w-      c:\windows\Fonts\mlog
2009-05-07 15:44 . 2005-08-16 10:18      344064      ----a-w-      c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2005-08-16 10:18      668160      ----a-w-      c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2005-08-16 10:18      81920      ----a-w-      c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2005-08-16 10:18      1846656      ----a-w-      c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-08-16 10:18      584192      ----a-w-      c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-07-07_05.57.17   )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-17 03:06 . 2008-07-09 07:38      26488              c:\windows\system32\spupdsvcOLD.exe
+ 2005-08-16 10:18 . 2009-07-07 09:11      53436              c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2009-07-07 05:48      53436              c:\windows\system32\perfc009.dat
+ 2009-01-07 23:20 . 2009-01-07 23:20      23552              c:\windows\system32\normaliz.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20      24576              c:\windows\system32\nlsdl.dll
+ 2009-03-08 09:32 . 2009-03-08 09:32      36864              c:\windows\system32\ieudinit.exe
+ 2009-01-07 23:20 . 2009-01-07 23:20      26112              c:\windows\system32\idndl.dll
+ 2009-07-08 00:13 . 2007-11-30 12:39      26488              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\update\spcustom.dll
+ 2009-07-08 00:13 . 2007-11-30 12:39      17272              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\spmsg.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      12800              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\xpshims.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      25600              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\jsproxy.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      12800              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\xpshims.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      25600              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\jsproxy.dll
+ 2009-07-08 00:13 . 2008-07-08 13:02      26488              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\update\spcustom.dll
+ 2009-07-08 00:13 . 2008-07-08 13:02      17272              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\spmsg.dll
+ 2009-01-07 23:21 . 2009-01-07 23:21      121856              c:\windows\system32\xmllite.dll
+ 2005-08-16 10:18 . 2009-07-07 09:11      381692              c:\windows\system32\perfh009.dat
- 2005-08-16 10:18 . 2009-07-07 05:48      381692              c:\windows\system32\perfh009.dat
+ 2008-10-16 19:07 . 2008-10-16 19:07      208744              c:\windows\system32\muweb.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20      265720              c:\windows\system32\msdbg2.dll
+ 2005-08-16 10:18 . 2008-02-26 11:59      294912              c:\windows\system32\msctf.dll
+ 2009-07-08 00:13 . 2008-07-09 07:38      382840              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\update\updspapi.dll
+ 2009-07-08 00:13 . 2007-11-30 12:39      755576              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe
+ 2009-07-08 00:13 . 2007-11-30 12:39      231288              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\spuninst.exe
+ 2009-07-08 00:13 . 2009-05-13 05:10      915456              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      246272              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\ieproxy.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      385536              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\iedkcs32.dll
+ 2009-07-08 00:13 . 2009-04-30 10:47      173056              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\ie4uinit.exe
+ 2009-07-08 00:13 . 2009-05-13 05:15      915456              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      246272              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\ieproxy.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      385536              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\iedkcs32.dll
+ 2009-07-08 00:13 . 2009-04-30 11:21      173056              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\ie4uinit.exe
+ 2009-07-08 00:13 . 2008-07-08 13:02      382840              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\update\updspapi.dll
+ 2009-07-08 00:13 . 2008-07-08 13:02      755576              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\update\update.exe
+ 2009-07-08 00:13 . 2008-07-08 13:02      231288              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\spuninst.exe
+ 2009-07-08 00:13 . 2009-06-02 08:21      102912              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\SP3QFE\iecompat.dll
+ 2009-07-08 00:13 . 2009-06-02 10:12      102912              c:\windows\sd_old\Download\7b5e86592de99471f7da9382ca63ffe3\SP3GDR\iecompat.dll
+ 2008-03-20 23:06 . 2008-03-20 23:06      1480232              c:\windows\system32\LegitCheckControl.dll
+ 2008-04-25 01:18 . 2008-04-25 01:18      3030568              c:\windows\sd_old\Download\9866fb57abdc0ea2f5d4e132d055ba4e\WindowsXP-KB936929-SP3-Express-x86-ENU.exe
+ 2009-07-08 00:13 . 2009-04-30 21:22      1207808              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\urlmon.dll
+ 2009-07-08 00:13 . 2009-05-13 05:10      5936128              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      1985024              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\iertutil.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      1207808              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\urlmon.dll
+ 2009-07-08 00:13 . 2009-05-13 05:15      5936128              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      1985024              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\iertutil.dll
+ 2009-07-08 00:19 . 2009-03-24 05:48      16883056              c:\windows\sd_old\Download\Install\IE8-WindowsXP-x86-ENU.exe
+ 2009-05-01 20:22 . 2009-05-01 20:22      11064832              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\ieframe.dll
+ 2009-07-08 00:13 . 2009-04-30 21:22      11064832              c:\windows\sd_old\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\ieframe.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-10 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2008-11-22 6144]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 23:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2009-07-08 23:47
ComboFix-quarantined-files.txt  2009-07-08 04:47
ComboFix2.txt  2009-07-08 04:40
ComboFix3.txt  2009-07-07 09:20
ComboFix4.txt  2009-07-07 08:50
ComboFix5.txt  2009-07-08 04:42

Pre-Run: 61,622,697,984 bytes free
Post-Run: 61,608,017,920 bytes free

172
LVL 3

Expert Comment

by:bleech677
I would go ahead and try a repair by booting from the Windows CD; after it runs, go ahead and do a Microsoft Update. Hopefully it works.

Author Closing Comment

by:cEris
Very helpful and nice person. Thanks SO much for the time and help. It's users like her that are why I continue to be a member.
LVL 47

Expert Comment

by:rpggamergirl
I'm so sorry to have missed posting back here.
The CFscript still wasn't run but I'm glad to know that DrWebCureIt found and removed some threats.

Please uninstall Combofix, especially as it's now more than 2 months old. Combofix is updated quite often and there have been a few updates since then.

To uninstall Combofix:
Go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Thank you for using Experts-Exchange!