"Hijack This Log" posted by ~Ray
Posted on 2008-03-12 23:17:42
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:02:18 PM on 10/31/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss exeC:\WINDOWS\system32\winlogon exeC:\WINDOWS\system32\services exeC:\WINDOWS\system32\lsass exeC:\WINDOWS\system32\svchost exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng exeC:\WINDOWS\System32\svchost exeC:\WINDOWS\system32\spoolsv exeC:\WINDOWS\Explorer. EXEC:\WINDOWS\System32\DSentry exeC:\Program Files\Dell\Media Experience\PCMService exeC:\PROGRA~1\mcafee com\agent\mcagent exeC:\Program Files\BroadJump\Client Foundation\CFD exeC:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB exeC:\Program Files\Yahoo!\browser\ybrwicon exeC:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient exeC:\schedule Files\Visual Networks\Visual IP InSight\SBC\IPMon32 exeC:\schedule Files\DIGStream\digstream exeC:\Program Files\Common Files\InstallShield\UpdateService\issch exeC:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip exeC:\WINDOWS\system32\dla\tfswctrl exeC:\Program Files\Common Files\Real\Update_OB\realsched exeC:\WINDOWS\system32\WDBtnMgr exeC:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd exeC:\Program Files\iTunes\iTunesHelper exeC:\Program Files\Microsoft Windows OneCare Live\winssnotify exeC:\Program Files\Messenger\msmsgs exeC:\WINDOWS\system32\ctfmon exeC:\Program Files\DellSupport\DSAgnt exeC:\Program Files\WinAble\winable exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService exeC:\Program Files\Insider\Insider exeC:\Program Files\America Online 9.0\aoltray exeC:\Program Files\Bonjour\mDNSResponder exeC:\PROGRA~1\Yahoo!\browser\ycommon exeC:\WINDOWS\System32\CTsvcCDA exec:\schedule files\mcafee com\agent\mcdetect exec:\PROGRA~1\mcafee com\agent\mctskshd exeC:\Program Files\SBC Self give drive\bin\mpbtn exeC:\schedule Files\Common 
Files\Microsoft Shared\VS7DEBUG\MDM. EXEC:\schedule Files\Creative\SBLive\Diagnostics\diagent exeC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr exeC:\WINDOWS\System32\nvsvc32 exeC:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun exeC:\WINDOWS\System32\svchost exeC:\Program Files\Viewpoint\Common\ViewpointService exeC:\WINDOWS\wanmpsvc exeC:\WINDOWS\System32\MsPMSPSv exeC:\Program Files\Microsoft Windows OneCare be\Firewall\msfwsvc exeC:\schedule Files\Microsoft Windows OneCare Live\winss exeC:\schedule Files\iPod\bin\iPodService exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr exeC:\schedule Files\Internet Explorer\iexplore exeC:\Program Files\Internet Explorer\iexplore exeC:\PROGRA~1\RETROS~1\RETROS~1.0\remember exeD:\HiJackThis exeC:\Program Files\Internet Explorer\iexplore exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = * localO2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\schedule Files\Yahoo!\Common\ycomp5_1_6_0 dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx dllO2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\yayvwxu dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\schedule Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain dllO2 - BHO: (no label) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fhmvegbk dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\schedule Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb dllO2 - BHO: (no label) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto dllO3 - Toolbar: &Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0 dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb dllO3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fhmvegbk dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32. EXE C:\WINDOWS\System32\NvCpl dll,NvStartupO4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry exeO4 - HKLM\..\Run: [PCMService] "C:\schedule Files\Dell\Media undergo\PCMService exe"O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent exe" startupO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg. EXEO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee com\agent\mcagent exeO4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee com\agent\mcupdate exeO4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD exeO4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB exeO4 - HKLM\..\Run: [YBrowser] C:\schedule Files\Yahoo!\browser\ybrwicon exeO4 - HKLM\..\Run: [IPInSightLAN 01] "C:\schedule Files\Visual Networks\Visual IP InSight\SBC\IPClient exe" -lO4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32 exe"O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream exeO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\lay~1\modify~1\ISUSPM exe -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\schedule Files\Common Files\InstallShield\UpdateService\issch exe" -startO4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck exe -CheckRegO4 - HKLM\..\Run: [USB2Check] RUNDLL32. 
EXE "C:\WINDOWS\System32\PCLECoInst dll",CheckUSBControllerO4 - HKLM\..\Run: [USBToolTip] "C:\schedule Files\surmount\Shared Files\Programs\USBTip\USBTip exe"O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched exe" -osbootO4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr exeO4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress exe /hO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper exe"O4 - HKLM\..\Run: [ccedb5a6] rundll32 exe "C:\WINDOWS\system32\xjlswfac dll",bO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui exe" -hideO4 - HKLM\..\Run: [OneCareUI] "C:\schedule Files\Microsoft Windows OneCare Live\winssnotify exe"O4 - HKCU\..\Run: [MSMSGS] "C:\schedule Files\Messenger\msmsgs exe" /backgroundO4 - HKCU\..\Run: [ctfmon exe] C:\WINDOWS\system32\ctfmon exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt exe" /startupO4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager exe AcRdB7_0_9O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable exeO4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider exeO4 - Global Startup: Adobe Reader Speed Launch lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl exeO4 - Global Startup: America Online 9.0 Tray Icon lnk = C:\Program Files\America Online 9.0\aoltray exeO4 - Global Startup: SBC Self give drive lnk = C:\Program Files\SBC Self Support Tool\bin\matcli exeO7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System. DisableRegedit=1O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System. DisableRegedit=1O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL. EXE/3000O8 - Extra context menu item: Yahoo! 
Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict htmO8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava dllO9 - Extra add: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\schedule Files\Yahoo!\Common\ylogin dllO9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin dllO9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes dllO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR. DLLO9 - Extra add: Real com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\schedule Files\Messenger\msmsgs exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid. 
LiquidHelper) - register://D:\components\Liquid ocxO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\schedule Files\Yahoo!\Common\Yinsthelper dllO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee com Operating System Class) - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin disapprove) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl categorise) - O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns datO20 - Winlogon inform: fhmvegbk - C:\WINDOWS\SYSTEM32\fhmvegbk dllO20 - Winlogon Notify: yayvwxu - C:\WINDOWS\SYSTEM32\yayvwxu dllO23 - function: AOL Connectivity function (AOL ACS) - America Online. Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd exeO23 - Service: Apple Mobile Device - Apple. Inc. - C:\Program Files\Common Files\Apple\Mobile Device give\bin\AppleMobileDeviceService exeO23 - Service: Bonjour function - Apple Computer. Inc. - C:\Program Files\Bonjour\mDNSResponder exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT exeO23 - function: iPod function - Apple Inc. 
- C:\schedule Files\iPod\bin\iPodService exeO23 - function: McAfee WSC Integration (McDetect exe) - McAfee. Inc - c:\program files\mcafee com\agent\mcdetect exeO23 - function: McAfee assign Scheduler (McTskshd exe) - McAfee. Inc - c:\PROGRA~1\mcafee com\agent\mctskshd exeO23 - function: McAfee SecurityCenter Update Manager (mcupdmgr exe) - McAfee. Inc - C:\PROGRA~1\McAfee com\Agent\mcupdmgr exeO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\adjust\NetSvc exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32 exeO23 - Service: Retrospect convey HD Helper (RetroExp Helper) - EMC Corporation - C:\schedule Files\remember\remember Express HD 2.0\rthlpsvc exeO23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService exeO23 - function: WAN Miniport (ATW) function (WANMiniportService) - America Online. Inc. - C:\WINDOWS\wanmpsvc exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1. EXEO24 - Desktop Component 0: (no name) - C:\schedule Files\Windows Media Player\pronyj htmlO24 - Desktop Component 1: (no label) - O24 - Desktop Component 2: (no name) - O24 - Desktop Component 3: (no label) - O24 - Desktop Component 4: (no name) - O24 - Desktop Component 5: (no name) - --End of register - 13897 bytes
Start your computer and boot into Safe Mode (if you don't know how go to ). Make sure to close any internet browsers that may still be open.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if open:
WinAble
Insider
Viewpoint

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\yayvwxu.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fhmvegbk.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fhmvegbk.dll
O4 - HKLM\..\Run: [ccedb5a6] rundll32.exe "C:\WINDOWS\system32\xjlswfac.dll",b
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: fhmvegbk - C:\WINDOWS\SYSTEM32\fhmvegbk.dll
O20 - Winlogon Notify: yayvwxu - C:\WINDOWS\SYSTEM32\yayvwxu.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Delete if open:
C:\Program Files\WinAble\
C:\Program Files\Insider\
ComboFix 07-11-01.1 - Brent Koops 2007-11-04 16:24:21.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.516 [GMT -8:00]
Running from: C:\Documents and Settings\Brent Koops\Desktop\ComboFix.exe
shown [HKEY_LOCAL_forge\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]C:\WINDOWS\system32\bronto dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="C:\WINDOWS\System32\NvCpl dll" [2003-04-24 14:58]"DVDSentry"="C:\WINDOWS\System32\DSentry exe" [2003-08-13 08:27]"PCMService"="C:\schedule Files\Dell\Media Experience\PCMService exe" [2003-08-26 17:47]"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent exe" [2002-04-02 23:01]"UpdReg"="C:\WINDOWS\UpdReg. EXE" [2000-05-10 23:00]"MCAgentExe"="c:\PROGRA~1\mcafee com\agent\mcagent exe" [2005-09-22 18:29]"MCUpdateExe"="C:\PROGRA~1\mcafee com\agent\mcupdate exe" [2006-01-11 12:05]"BJCFD"="C:\schedule Files\BroadJump\Client Foundation\CFD exe" [2002-09-10 20:26]"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB exe" [2003-12-10 03:52]"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon exe" [2003-07-11 13:51]"IPInSightLAN 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient exe" [2003-06-11 01:52]"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32 exe" [2003-06-11 01:52]"DIGStream"="C:\Program Files\DIGStream\digstream exe" [2005-05-18 13:49]"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\lay~1\UPDATE~1\ISUSPM exe" [2004-07-27 16:50]"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch exe" [2004-07-27 16:50]"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck exe" [2004-03-10 15:26]"USB2Check"="C:\WINDOWS\System32\PCLECoInst dll" [2004-04-06 18:05]"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip exe" [2004-04-23 10:00]"dla"="C:\WINDOWS\system32\dla\tfswctrl exe" [2005-05-31 04:33]"TkBellExe"="C:\Program Files\Common Files\Real\modify_OB\realsched exe" [2006-10-29 20:37]"WD add Manager"="WDBtnMgr exe" [2007-05-22 18:54 C:\WINDOWS\SYSTEM32\WDBtnMgr exe]"RetroExpress"="C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress exe" [2007-01-22 13:11]"QuickTime Task"="C:\Program 
Files\QuickTime\qttask exe" [2007-06-29 06:24]"iTunesHelper"="C:\schedule Files\iTunes\iTunesHelper exe" [2007-07-10 09:18]"Windows Defender"="C:\Program Files\Windows Defender\MSASCui exe" [2006-11-03 19:20]"OneCareUI"="C:\schedule Files\Microsoft Windows OneCare be\winssnotify exe" [2007-10-01 09:53][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sonic RecordNow!"="" []"MSMSGS"="C:\Program Files\Messenger\msmsgs exe" [2004-10-13 08:24]"ctfmon exe"="C:\WINDOWS\system32\ctfmon exe" [2004-08-03 23:56]"DellSupport"="C:\Program Files\DellSupport\DSAgnt exe" [2007-03-15 11:09]"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager exe" [2004-11-22 08:18]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed open lnk - C:\schedule Files\Adobe\Acrobat 7.0\Reader\reader_sl exe [2004-12-14 04:44:06]America Online 9.0 Tray Icon lnk - C:\Program Files\America Online 9.0\aoltray exe [2003-12-09 20:38:04]SBC Self Support Tool lnk - C:\schedule Files\SBC Self Support Tool\bin\matcli exe [2004-08-05 20:42:12][HKEY_LOCAL_forge\software\microsoft\windows\currentversion\policies\explorer]@=[HKEY_LOCAL_forge\software\microsoft\windows nt\currentversion\winlogon\notify\fhmvegbk] fhmvegbk dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\inform\yayvwxu] yayvwxu dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkklm dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]@="Service"R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr sysR2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv sysR2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare be\Firewall\msfwsvc exe"R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng exe"R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter sysS3 
SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\schedule Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent. EXE -i MICROSOFTBCM. Contents of the 'Scheduled Tasks' folder"2007-10-20 00:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate job""2003-12-27 02:00:00 C:\WINDOWS\Tasks\ISP signup reminder 1 job".**************************************************************************catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer. Rootkit scan 2007-11-04 16:30:55Windows 5.1.2600 function Pack 2 NTFSscanning hidden processes.. scanning hidden autostart entries.. scanning hidden files.. scan completed successfully hidden files: 0 **************************************************************************. Completion time: 2007-11-04 16:31:45 - forge was rebooted C:\ComboFix-quarantined-files txt... 2007-05-19 10:09C:\ComboFix2 txt... 2007-10-31 21:16C:\ComboFix3 txt... 2007-05-19 10:09.--- E O F ---
Incident Status Location Potentially unwanted drive:Application/NirCmd. A Not disinfected C:\ComboFix\nircmd cfexe Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ mediaplex com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 fail\cookies txt[ad yieldmanager com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ doubleclick net/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 fail\cookies txt[ advertising com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ bluestreak com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 fail\cookies txt[ questionmarket com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ atdmt com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ ads pointroll com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 fail\cookies txt[ tribalfusion com/] Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ revenue net/] Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 fail\cookies txt[landing domainsponsor com/] 
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ serving-sys com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ bs serving-sys com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ serving-sys com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ realmedia com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 fail\cookies txt[ fastclick net/] Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 fail\cookies txt[ adtech de/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ trafficmp com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ adrevolver com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ casalemedia com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@ad yieldmanager[1] txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@apmebf[1] txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@atdmt[2] txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@doubleclick[1] txt 
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@fastclick[2] txt Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@linksynergy[2] txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@questionmarket[1] txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@realmedia[1] txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@statcounter[2] txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@trafficmp[1] txt Spyware:Cookie/Com com Not disinfected C:\Documents and Settings\Brent Koops\Cookies\brent koops@uol com[2] txt Potentially unwanted tool:Application/NirCmd. A Not disinfected C:\Documents and Settings\Brent Koops\Desktop\ComboFix exe[nircmd exe] Potentially unwanted tool:Application/NirCmd. A Not disinfected C:\Documents and Settings\Brent Koops\Desktop\ComboFix exe[nircmd cfexe] Potentially unwanted drive:Application/Processor Not disinfected C:\Documents and Settings\Brent Koops\Desktop\cast aside\SmitfraudFix\Process exe Virus:Trj/Rebooter. 
J Disinfected C:\Documents and Settings\Brent Koops\Desktop\cast aside\SmitfraudFix\resuscitate exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Brent Koops\Desktop\cast aside\SmitfraudFix\restart exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\schedule Files\Trend Micro\Internet Security\VSS4895T.000 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\schedule Files\Trend Micro\Internet Security\VSS4F005.002 Potentially unwanted drive:Application/Winantivirus2006 Not disinfected C:\Program Files\turn Micro\Internet Security\VSS5GG5T.000 Potentially unwanted drive:Application/Winantivirus2006 Not disinfected C:\Program Files\turn Micro\Internet Security\VSS5P1RL.000 Potentially unwanted drive:Application/Winantivirus2006 Not disinfected C:\Program Files\Trend Micro\Internet Security\VSS5PP5T.000 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\schedule Files\Trend Micro\Internet Security\VSS5Q2JD.000 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\schedule Files\Trend Micro\Internet Security\VSS5Q4E5.001 Potentially unwanted drive:Application/Winantivirus2006 Not disinfected C:\schedule Files\Trend Micro\Internet Security\VSS7UI05.000 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\schedule Files\Trend Micro\Internet Security\VSS8MUJD.000 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\schedule Files\Trend Micro\Internet Security\VSS9RN95.000 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\turn Micro\Internet Security\VSS9VHJD.000 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Trend Micro\Internet Security\VSS9VK45.000 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Trend Micro\Internet Security\VSSAT8E5.00F Potentially unwanted 
tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Trend Micro\Internet Security\VSSAV2ML.000 Potentially unwanted drive:Application/Winantivirus2006 Not disinfected C:\Program Files\Trend Micro\Internet Security\VSSAVDML.000 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Trend Micro\Internet Security\VSSBUMRL.001 Adware:Adware/Amera Not disinfected C:\QooBox\Quarantine\C\Program Files\ISM2\ISMPack6 exe vir Virus:Trj/Downloader. MDW Disinfected C:\QooBox\Quarantine\C\schedule Files\Web Buying\v1.8.5\wbuninst exe vir Virus:Generic Trojan Disinfected C:\QooBox\Quarantine\C\schedule Files\Web Buying\v1.8.5\webbuying exe vir Virus:Trj/Downloader. MDW Disinfected C:\QooBox\Quarantine\C\WINDOWS\b122 exe vir Virus:Generic Malware Disinfected C:\QooBox\insulate\C\WINDOWS\SYSTEM32\g1\db50ene exe vir Virus:Generic Trojan Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\i8\taldrvr11 exe vir Potentially unwanted drive:Application/NirCmd. A Not disinfected C:\WINDOWS\nircmd exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\affect exe
Hello, I know I ran ATF in the first post... but not before your instructions in the second post. I ran ATF before deleting the specified file in the post above. Deleted the file. Ran the Active Virus scan again. Ran ATF after the scan was finished and saved that to log. Then I ran a combofix scan and saved it to log. Then ran a Hijack scan and saved it to log. Here is the Active Virus Scan Log, Combofix Scan Log and Hijack Scan Log.

Incident Status Location
Potentially unwanted tool:Application/NirCmd. A Not disinfected C:\ComboFix\nircmd cfexe
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 fail\cookies txt[ mediaplex com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ad yieldmanager com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1 default\cookies txt[ doubleclick net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox
"Hijack This Log" posted by ~Ray
Posted on 2008-03-12 23:17:41 |
Logfile of turn Micro HijackThis v2.0.2Scan saved at 7:02:18 PM on 10/31/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss exeC:\WINDOWS\system32\winlogon exeC:\WINDOWS\system32\services exeC:\WINDOWS\system32\lsass exeC:\WINDOWS\system32\svchost exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng exeC:\WINDOWS\System32\svchost exeC:\WINDOWS\system32\spoolsv exeC:\WINDOWS\Explorer. EXEC:\WINDOWS\System32\DSentry exeC:\Program Files\Dell\Media Experience\PCMService exeC:\PROGRA~1\mcafee com\agent\mcagent exeC:\Program Files\BroadJump\Client Foundation\CFD exeC:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB exeC:\Program Files\Yahoo!\browser\ybrwicon exeC:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient exeC:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32 exeC:\Program Files\DIGStream\digstream exeC:\schedule Files\Common Files\InstallShield\UpdateService\issch exeC:\schedule Files\surmount\Shared Files\Programs\USBTip\USBTip exeC:\WINDOWS\system32\dla\tfswctrl exeC:\Program Files\Common Files\Real\modify_OB\realsched exeC:\WINDOWS\system32\WDBtnMgr exeC:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd exeC:\Program Files\iTunes\iTunesHelper exeC:\Program Files\Microsoft Windows OneCare Live\winssnotify exeC:\Program Files\Messenger\msmsgs exeC:\WINDOWS\system32\ctfmon exeC:\Program Files\DellSupport\DSAgnt exeC:\Program Files\WinAble\winable exeC:\schedule Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService exeC:\schedule Files\Insider\Insider exeC:\Program Files\America Online 9.0\aoltray exeC:\Program Files\Bonjour\mDNSResponder exeC:\PROGRA~1\Yahoo!\browser\ycommon exeC:\WINDOWS\System32\CTsvcCDA exec:\schedule files\mcafee com\agent\mcdetect exec:\PROGRA~1\mcafee com\agent\mctskshd exeC:\Program Files\SBC Self Support Tool\bin\mpbtn exeC:\Program Files\Common 
Files\Microsoft Shared\VS7correct\MDM. EXEC:\schedule Files\Creative\SBLive\Diagnostics\diagent exeC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr exeC:\WINDOWS\System32\nvsvc32 exeC:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun exeC:\WINDOWS\System32\svchost exeC:\Program Files\Viewpoint\Common\ViewpointService exeC:\WINDOWS\wanmpsvc exeC:\WINDOWS\System32\MsPMSPSv exeC:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc exeC:\Program Files\Microsoft Windows OneCare be\winss exeC:\Program Files\iPod\bin\iPodService exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr exeC:\schedule Files\Internet Explorer\iexplore exeC:\schedule Files\Internet Explorer\iexplore exeC:\PROGRA~1\RETROS~1\RETROS~1.0\retrospect exeD:\HiJackThis exeC:\Program Files\Internet Explorer\iexplore exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = * localO2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0 dllO2 - BHO: AcroIEHlprObj categorise - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\schedule Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx dllO2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\yayvwxu dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain dllO2 - BHO: (no label) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fhmvegbk dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb dllO2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto dllO3 - Toolbar: &Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0 dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb dllO3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fhmvegbk dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32. EXE C:\WINDOWS\System32\NvCpl dll,NvStartupO4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry exeO4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media undergo\PCMService exe"O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent exe" startupO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg. EXEO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee com\agent\mcagent exeO4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee com\agent\mcupdate exeO4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD exeO4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB exeO4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon exeO4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient exe" -lO4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32 exe"O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream exeO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\modify~1\ISUSPM exe -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch exe" -startO4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck exe -CheckRegO4 - HKLM\..\Run: [USB2analyse] RUNDLL32. 
EXE "C:\WINDOWS\System32\PCLECoInst dll",CheckUSBControllerO4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip exe"O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl exeO4 - HKLM\..\Run: [TkBellExe] "C:\schedule Files\Common Files\Real\Update_OB\realsched exe" -osbootO4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr exeO4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress exe /hO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\schedule Files\iTunes\iTunesHelper exe"O4 - HKLM\..\Run: [ccedb5a6] rundll32 exe "C:\WINDOWS\system32\xjlswfac dll",bO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui exe" -hideO4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs exe" /backgroundO4 - HKCU\..\Run: [ctfmon exe] C:\WINDOWS\system32\ctfmon exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt exe" /startupO4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager exe AcRdB7_0_9O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable exeO4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider exeO4 - Global Startup: Adobe Reader Speed open lnk = C:\schedule Files\Adobe\Acrobat 7.0\Reader\reader_sl exeO4 - Global Startup: America Online 9.0 Tray Icon lnk = C:\Program Files\America Online 9.0\aoltray exeO4 - Global Startup: SBC Self give Tool lnk = C:\Program Files\SBC Self give drive\bin\matcli exeO7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System. DisableRegedit=1O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System. DisableRegedit=1O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL. EXE/3000O8 - Extra context menu item: Yahoo! 
Dictionary - register:///C:\schedule Files\Yahoo!\Common/ycdict htmO8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch htmO9 - Extra add: (no label) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava dllO9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin dllO9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin dllO9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes dllO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR. DLLO9 - Extra button: Real com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\schedule Files\Messenger\msmsgs exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine favor Validation drive) - O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid. 
LiquidHelper) - file://D:\components\Liquid ocxO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper dllO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee com Operating System Class) - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin disapprove) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj categorise) - O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns datO20 - Winlogon Notify: fhmvegbk - C:\WINDOWS\SYSTEM32\fhmvegbk dllO20 - Winlogon inform: yayvwxu - C:\WINDOWS\SYSTEM32\yayvwxu dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online. Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd exeO23 - Service: Apple Mobile Device - Apple. Inc. - C:\schedule Files\Common Files\Apple\Mobile Device give\bin\AppleMobileDeviceService exeO23 - Service: Bonjour Service - Apple Computer. Inc. - C:\Program Files\Bonjour\mDNSResponder exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc exeO23 - Service: InstallDriver delay Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT exeO23 - function: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService exeO23 - Service: McAfee WSC Integration (McDetect exe) - McAfee. Inc - c:\program files\mcafee com\agent\mcdetect exeO23 - Service: McAfee Task Scheduler (McTskshd exe) - McAfee. Inc - c:\PROGRA~1\mcafee com\agent\mctskshd exeO23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr exe) - McAfee. Inc - C:\PROGRA~1\McAfee com\Agent\mcupdmgr exeO23 - function: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\schedule Files\Intel\NCS\Sync\NetSvc exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32 exeO23 - Service: remember convey HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Retrospect\remember convey HD 2.0\rthlpsvc exeO23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online. Inc. - C:\WINDOWS\wanmpsvc exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1. EXEO24 - Desktop Component 0: (no label) - C:\Program Files\Windows Media Player\pronyj htmlO24 - Desktop Component 1: (no name) - O24 - Desktop Component 2: (no name) - O24 - Desktop Component 3: (no name) - O24 - Desktop Component 4: (no label) - O24 - Desktop Component 5: (no label) - --End of file - 13897 bytes
Start your computer and boot into Safe Mode (if you don't know how go to ). Make sure to close any internet browsers that may still be open.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:
WinAble
Insider
Viewpoint

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\yayvwxu.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fhmvegbk.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fhmvegbk.dll
O4 - HKLM\..\Run: [ccedb5a6] rundll32.exe "C:\WINDOWS\system32\xjlswfac.dll",b
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: fhmvegbk - C:\WINDOWS\SYSTEM32\fhmvegbk.dll
O20 - Winlogon Notify: yayvwxu - C:\WINDOWS\SYSTEM32\yayvwxu.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Delete if found:
C:\Program Files\WinAble\
C:\Program Files\Insider\
ComboFix 07-11-01.1 - Brent Koops 2007-11-04 16:24:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.516 [GMT -8:00]
Running from: C:\Documents and Settings\Brent Koops\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\be Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security command.lnk
C:\Documents and Settings\Brent Koops\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\fhmvegbk.dllbox
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\SYSTEM32\mlkkj.bak2
C:\WINDOWS\SYSTEM32\mlkkj.ini
.
((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.
2007-10-31 00:06  112,840  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\msfwhlpr.sys
2007-10-31 00:06  88,008  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\msfwdrv.sys
2007-10-31 00:03  67,784  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys
2007-10-30 23:58  <DIR>  d--------  C:\Program Files\Microsoft Windows OneCare Live
2007-10-30 21:10  <DIR>  d--------  C:\Program Files\Windows Defender
2007-10-29 21:15  5,168  --a------  C:\WINDOWS\SYSTEM32\tmp.reg
2007-10-29 21:14  289,144  --a------  C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-10-29 21:14  288,417  --a------  C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-10-29 21:14  53,248  --a------  C:\WINDOWS\SYSTEM32\affect.exe
2007-10-29 21:14  51,200  --a------  C:\WINDOWS\SYSTEM32\dumphive.exe
2007-10-29 21:14  25,600  --a------  C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-10-29 20:30  1,060,864  --a------  C:\WINDOWS\SYSTEM32\mfc71.dll
2007-10-29 20:24  <DIR>  d--------  C:\WINDOWS\SYSTEM32\Mz02r
2007-10-29 20:24  <DIR>  d--hs----  C:\WINDOWS\QnJlbnQgS29vcHM
2007-10-29 20:24  <DIR>  d--------  C:\Temp\mZOr
2007-10-29 20:24  41  --a------  C:\WINDOWS\plite731_uninstaller_.bat
2007-10-09 13:27  584,192  ---------  C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((( snapshot@2007-10-31_21.15.18.46 )))))))))))))))))))))))))))))))))))))))))
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
C:\WINDOWS\system32\bronto.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-04-24 14:58]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 08:27]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 17:47]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-02 23:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 23:00]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 03:52]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 13:51]
"IPInSightLAN 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52]
"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 13:49]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 15:26]
"USB2Check"="C:\WINDOWS\System32\PCLECoInst.dll" [2004-04-06 18:05]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 10:00]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-29 20:37]
"WD add Manager"="WDBtnMgr.exe" [2007-05-22 18:54 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
"RetroExpress"="C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe" [2007-01-22 13:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 09:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2003-12-09 20:38:04]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2004-08-05 20:42:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fhmvegbk]
fhmvegbk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvwxu]
yayvwxu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkklm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
.
Contents of the 'Scheduled Tasks' folder
"2007-10-20 00:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2003-12-27 02:00:00 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer.
Rootkit scan 2007-11-04 16:30:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes..
scanning hidden autostart entries..
scanning hidden files..

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-04 16:31:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-19 10:09
C:\ComboFix2.txt ... 2007-10-31 21:16
C:\ComboFix3.txt ... 2007-05-19 10:09
.
--- E O F ---
Incident | Status | Location
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\ComboFix\nircmd.cfexe
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Bluestreak | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/QuestionMarket | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PointRoll | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/WUpd | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.revenue.net/]
Spyware:Cookie/DomainSponsor | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Serving-sys | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/RealMedia | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/FastClick | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adtech | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Traffic Marketplace | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Adrevolver | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Casalemedia | Not disinfected | C:\Documents and Settings\Brent Koops\Application Data\Mozilla\Firefox\Profiles\bg8ujqz1.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@ad.yieldmanager[1].txt
Spyware:Cookie/Apmebf | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@apmebf[1].txt
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@atdmt[2].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@doubleclick[1].txt
Spyware:Cookie/FastClick | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@fastclick[2].txt
Spyware:Cookie/Linksynergy | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@linksynergy[2].txt
Spyware:Cookie/QuestionMarket | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@questionmarket[1].txt
Spyware:Cookie/RealMedia | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@realmedia[1].txt
Spyware:Cookie/Statcounter | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@statcounter[2].txt
Spyware:Cookie/Traffic Marketplace | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@trafficmp[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Brent Koops\Cookies\brent koops@uol.com[2].txt
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Brent Koops\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Brent Koops\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Brent Koops\Desktop\Junk\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J | Disinfected | C:\Documents and Settings\Brent Koops\Desktop\Junk\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast | Not disinfected | C:\Documents and Settings\Brent Koops\Desktop\Junk\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\Trend Micro\Internet Security\VSS4895T.000
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\Trend Micro\Internet Security\VSS4F005.002
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\Trend Micro\Internet Security\VSS5GG5T.000
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\Trend Micro\Internet Security\VSS5P1RL.000
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\Trend Micro\Internet Security\VSS5PP5T.000
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\Trend Micro\Internet Security\VSS5Q2JD.000
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\Trend Micro\Internet Security\VSS5Q4E5.001
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\Trend Micro\Internet Security\VSS7UI05.000