Please help me! I can't remove Trojan.Vundo from my PC!

  #21 (permalink)  
Old 18-06-2009, 01:22 PM
Junior Member
D-A-L Newbie
 
Join Date: Apr 2008
Posts: 22
jada21 Is a beginner here at D-A-L
Re: Please help me! I can't remove Trojan.Vundo from my PC!

Nope, that doesn't work either - it's just saved as the internet page on my desktop with the same message "404 - Not found"
  #22 (permalink)  
Old 18-06-2009, 08:46 PM
Senior Member

Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Please help me! I can't remove Trojan.Vundo from my PC!

Well, that is frustrating, isn't it?


From post #17

Quote:
Followed your instructions but a message appeared every time I tried to delete the three files:-

"Object would not be deleted. Do you want to perform the requested delete operation at the next reboot?"

Did you click yes on delete on next reboot, and did you reboot? If not, please do so.




Try this if no go from above:

After you download the tool boot into safe mode


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select
    • "Delete on Reboot"
    • Then click on the "All Files" button if there is more than 1 item to delete.
  • Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C

    c:\windows\system32\fdwbplx.dll
    c:\windows\system32\mjpcdiez.dll
    c:\windows\system32\qemmpqy.dll


  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.


Last edited by Neal; 18-06-2009 at 09:28 PM.
  #23 (permalink)  
Old 19-06-2009, 07:15 PM
Junior Member
D-A-L Newbie
 
Join Date: Apr 2008
Posts: 22
jada21 Is a beginner here at D-A-L
Re: Please help me! I can't remove Trojan.Vundo from my PC!

Hiya

I followed the instructions you gave me from the post 17 and after I rebooted those files still weren't deleted - even though when I went to Unlocker the message came up "no locking handle found".

Then I downloaded Killbox and followed your instructions - this didn't work either...:-(

Did a Hijack this scan too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:24, on 19/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Search Marketing UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {15aebf3b-abd5-4570-bf88-4e8f30997a10} - c:\windows\system32\fdwbplx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5844 bytes
  #24 (permalink)  
Old 19-06-2009, 11:30 PM
Senior Member

Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Please help me! I can't remove Trojan.Vundo from my PC!

1. Reboot to safe mode

2. Find the files

3. Right-click and select rename and rename them to:

c:\windows\system32\fdwbplx.bad
c:\windows\system32\mjpcdiez.bad
c:\windows\system32\qemmpqy.bad


Then try to delete them; if no go, run ComboFix again with the files renamed and post that log.



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Double-click the drweb-cureit.exe file and allow it to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found:

* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:


This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web CureIt.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
Last edited by Neal; 19-06-2009 at 11:35 PM.
  #25 (permalink)  
Old 10-07-2009, 08:55 PM
Junior Member
D-A-L Newbie
 
Join Date: Apr 2008
Posts: 22
jada21 Is a beginner here at D-A-L
Re: Please help me! I can't remove Trojan.Vundo from my PC!

Hiya

DrWeb log:-

wywjlmtq.sys;c:\windows\system32\drivers;Trojan.NtRootKit.1652;Deleted.;

Hijack This log:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:23, on 10/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {15aebf3b-abd5-4570-bf88-4e8f30997a10} - c:\windows\system32\fdwbplx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4835 bytes
Reply With Quote
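
The two HijackThis logs posted in this thread (19/06/2009 and 10/07/2009) can be compared mechanically to see which startup entries survived the removal attempts. The Python below is an added example, not part of the original posts or of HijackThis; the function names and the `is_suspect_bho` heuristic are assumptions made for illustration, and the sample input is a few lines excerpted from the two logs above with the forum's line-wrap spaces removed.

```python
import ntpath
import re

# HijackThis prefixes each finding with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Layout of an O2 (Browser Helper Object) finding: name, CLSID, DLL path.
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Sample input: lines excerpted from the two logs posted in the thread.
SCAN_JUNE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:24, on 19/06/2009
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {15aebf3b-abd5-4570-bf88-4e8f30997a10} - c:\windows\system32\fdwbplx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

SCAN_JULY = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:23, on 10/07/2009
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {15aebf3b-abd5-4570-bf88-4e8f30997a10} - c:\windows\system32\fdwbplx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""


def parse_entries(log_text):
    """Return the set of (section, body) findings; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match["section"], match["body"]))
    return entries


def parse_bho(body):
    """Split an O2 body into (name, clsid, path), or return None if it is not a BHO line."""
    match = BHO_RE.match(body)
    if not match:
        return None
    return match["name"], match["clsid"].lower(), match["path"]


def is_suspect_bho(name, path):
    """Heuristic assumed for this example: an unnamed BHO whose DLL sits directly in system32."""
    folder = ntpath.dirname(path).lower()
    return name == "(no name)" and ntpath.basename(folder) == "system32"


def compare_scans(before, after):
    """Diff two scans and list suspect BHOs that are present in both."""
    old, new = parse_entries(before), parse_entries(after)
    suspects = []
    for section, body in sorted(old & new):
        if section != "O2":
            continue
        bho = parse_bho(body)
        if bho and is_suspect_bho(bho[0], bho[2]):
            suspects.append({"clsid": bho[1], "path": bho[2]})
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "persistent_suspects": suspects,
    }


if __name__ == "__main__":
    report = compare_scans(SCAN_JUNE, SCAN_JULY)
    for key, values in report.items():
        print(key)
        for value in values:
            print("   ", value)
```

An entry that appears under `persistent_suspects` was still registered after the intervening cleanup steps, which matches the thread: the `fdwbplx.dll` BHO is listed in both scans.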
  #26 (permalink)  
Old 10-07-2009, 09:01 PM
Junior Member
D-A-L Newbie
 
Join Date: Apr 2008
Posts: 22
jada21 Is a beginner here at D-A-L
Re: Please help me! I can't remove Trojan.Vundo from my PC!

I'm also having a problem with my internet - every time I do a search in Google I am redirected to weird websites - like ads or other weird search engines which tells me to download a file...

Help, when is this going to end?! :-(
  #27 (permalink)  
Old 11-07-2009, 08:34 PM
Senior Member

Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Please help me! I can't remove Trojan.Vundo from my PC!

I think part of the problem is that it has been 20 days or so since you've posted here.

Did you delete those files?

Since it has been so long we may as well start over.



Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

What is going on now after the above?
  #28 (permalink)  
Old 13-07-2009, 08:38 PM
Junior Member
D-A-L Newbie
 
Join Date: Apr 2008
Posts: 22
jada21 Is a beginner here at D-A-L
Re: Please help me! I can't remove Trojan.Vundo from my PC!

Hiya!

Here it is

GooredFix by jpshortstuff (12.07.09)
Log created at 20:25 on 13/07/2009 (Compaq_Owner)
Firefox version 3.0.11 (en-GB)

========== GooredScan ==========

Deleting C:\Program Files\Mozilla Firefox\extensions\{0359CEDD-FAD6-4B60-AAAE-40480B5F7400} -> Success!
Deleting C:\Program Files\Mozilla Firefox\extensions\{7D0FD1B9-95DE-4815-AB26-5A5C183A57CA} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:20 02/10/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [18:24 01/01/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [14:21 03/10/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:23 01/01/2009]

-=E.O.F=-


I did try to delete those three files followed all your directions but every time it doesn't allow me :-(

Thxs for all your help and patience with me it really is appreciated! :-)
  #29 (permalink)  
Old 13-07-2009, 10:06 PM
Senior Member

Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Please help me! I can't remove Trojan.Vundo from my PC!

It looks like the re-directs you were experiencing have been taken care of due to GooredFix.


If you have an old copy of combofix please delete it and...


Visit this page below to familiarize yourself with the tool below and download from one of the links provided.

A guide and tutorial on using ComboFix




If you have previously downloaded ComboFix, please delete that version now.



It is IMPORTANT that it is saved directly to your desktop

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine back to the Internet until Combofix has completely finished.

Disable your antivirus program and any realtime malware scanners and script blockers now


How To Disable



Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick combofix's window while it's running.

That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


ComboFix SHOULD NOT be used unless requested by a forum helper.
  #30 (permalink)  
Old 15-07-2009, 07:03 PM
Junior Member
D-A-L Newbie
 
Join Date: Apr 2008
Posts: 22
jada21 Is a beginner here at D-A-L
Re: Please help me! I can't remove Trojan.Vundo from my PC!

Hiya!

Here is the log


ComboFix 09-07-14.08 - Compaq_Owner 15/07/2009 18:49.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.511.276 [GMT 1:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1136247925
c:\windows\system32\drivers\poiytdkf.sys

.
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-12 19:37 . 2009-06-29 11:11 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-12 19:37 . 2009-06-29 11:11 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-12 19:37 . 2009-06-29 11:11 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-12 19:37 . 2009-06-29 11:11 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-12 19:36 . 2009-06-29 11:11 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-12 19:36 . 2009-06-29 11:11 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-12 19:36 . 2009-06-29 11:11 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-12 19:36 . 2009-06-29 11:11 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-12 19:36 . 2009-06-29 11:11 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-12 19:36 . 2009-06-29 11:10 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-12 19:35 . 2009-06-29 11:10 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-10 19:15 . 2009-07-10 19:15 -------- d-----w- c:\documents and settings\Compaq_Owner\DoctorWeb
2009-06-19 17:33 . 2009-06-19 17:39 -------- d-----w- C:\!KillBox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 17:03 . 2009-05-21 19:19 117760 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-13 09:17 . 2008-10-14 22:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Image Zone Express
2009-07-12 19:36 . 2008-10-03 14:21 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 11:11 . 2008-10-03 14:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 11:11 . 2008-10-03 14:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-19 18:15 . 2009-04-29 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 19:57 . 2009-06-10 19:57 1878984 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-10 15:07 . 2009-06-10 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 15:07 . 2009-06-10 15:06 -------- d-----w- c:\program files\iTunes
2009-06-10 15:06 . 2009-06-10 15:06 -------- d-----w- c:\program files\iPod
2009-06-10 15:06 . 2009-06-10 15:04 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 15:06 . 2005-03-31 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-10 15:06 . 2009-06-10 15:06 -------- d-----w- c:\program files\Bonjour
2009-06-10 15:06 . 2009-06-10 15:05 -------- d-----w- c:\program files\QuickTime
2009-06-10 15:04 . 2009-06-10 15:04 -------- d-----w- c:\program files\Apple Software Update
2009-06-10 15:04 . 2009-06-10 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-08 19:46 . 2009-06-08 15:14 -------- d-----w- c:\program files\Unlocker
2009-06-05 12:57 . 2009-06-05 12:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 19:19 . 2009-05-21 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-21 19:19 . 2009-05-21 19:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-21 19:19 . 2009-05-21 19:19 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-05-21 19:18 . 2009-05-21 19:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-11 11:26 . 2008-10-03 14:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 17:50 . 2004-08-04 12:00 143872 ----a-w- c:\windows\system32\mjpcdiez.dll
2009-05-07 17:50 . 2004-08-04 12:00 104960 ----a-w- c:\windows\system32\qemmpqy.dll
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2004-08-04 12:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-04 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2008-09-21 20:31 . 2008-09-21 20:31 389203 ----a-w- c:\program files\CE.dll
2008-09-21 20:31 . 2008-09-21 20:31 144656 ----a-w- c:\program files\WebLink.dll
2008-09-21 20:31 . 2008-09-21 20:31 1103120 ----a-w- c:\program files\Synchronize.dll
2008-08-08 21:14 . 2008-08-08 21:14 66371 ----a-w- c:\program files\BlackBerry_Desktop_Software_Help.chm
2008-08-08 21:14 . 2008-08-08 21:14 5319 ----a-w- c:\program files\readme.txt
2008-05-15 18:05 . 2008-05-15 18:05 59904 ----a-w- c:\program files\zlib1.dll
2008-05-15 18:05 . 2008-05-15 18:05 172032 ----a-w- c:\program files\mimepp_core.dll
2008-05-15 18:05 . 2008-05-15 18:05 4456 ----a-w- c:\program files\configurationupgrade.xml
2008-05-15 18:05 . 2008-05-15 18:05 4300 ----a-w- c:\program files\conn_install.cfg
2008-05-15 18:05 . 2008-05-15 18:05 2256896 ----a-w- c:\program files\ilsync.dll
2008-05-15 18:05 . 2008-05-15 18:05 1483 ----a-w- c:\program files\configurationupgrade.dtd
2008-05-15 18:05 . 2008-05-15 18:05 10424 ----a-w- c:\program files\System.dtd
2008-05-15 18:05 . 2008-05-15 18:05 26694 ----a-r- c:\program files\blackberry.ico
2009-06-15 00:12 . 2008-10-02 14:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-07_17.53.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 17:03 . 2009-07-15 17:03 16384 c:\windows\Temp\Perflib_Perfdata_62c.dat
- 2008-10-06 23:30 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2008-10-06 23:30 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 39424 c:\windows\system32\pngfilt.dll
+ 2008-10-03 12:37 . 2009-06-10 20:47 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 12:00 . 2009-02-20 08:30 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 55808 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 55808 c:\windows\system32\extmgr.dll
+ 2009-06-10 15:04 . 2009-06-05 10:42 39424 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
+ 2009-06-10 15:04 . 2009-06-05 10:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-06-10 15:07 . 2009-03-19 15:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2004-09-14 20:38 . 2009-03-19 15:32 23400 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-12-12 10:11 . 2008-12-12 10:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 10:18 . 2008-12-12 10:18 87336 c:\windows\system32\dns-sd.exe
- 2004-08-04 12:00 . 2009-02-20 08:30 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 12:00 . 2009-04-27 09:17 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 12:00 . 2009-06-16 14:55 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-05 23:35 . 2008-10-05 23:35 55296 c:\windows\Installer\dd48c.msi
+ 2009-05-07 19:52 . 2009-05-07 19:52 24064 c:\windows\Installer\6e9de3.msi
+ 2009-05-21 19:19 . 2009-05-21 19:19 34304 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2009-06-10 15:05 . 2009-06-10 15:05 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-06-10 15:06 . 2009-06-10 15:06 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2008-10-02 21:58 . 2004-08-04 12:00 66048 c:\windows\I386\WINNT32.MSI
+ 2009-06-11 00:13 . 2009-02-20 08:30 39424 c:\windows\$NtUninstallKB969897$\pngfilt.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 16384 c:\windows\$NtUninstallKB969897$\jsproxy.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 96256 c:\windows\$NtUninstallKB969897$\inseng.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 81920 c:\windows\$NtUninstallKB969897$\ieencode.dll
+ 2009-06-11 00:13 . 2009-02-19 09:58 18432 c:\windows\$NtUninstallKB969897$\iedw.exe
+ 2009-06-11 00:13 . 2009-02-20 08:30 55808 c:\windows\$NtUninstallKB969897$\extmgr.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969897\update\spcustom.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969897\spmsg.dll
+ 2009-04-29 04:21 . 2009-04-29 04:21 81920 c:\windows\$hf_mig$\KB969897\SP3QFE\ieencode.dll
+ 2009-04-29 04:46 . 2009-04-29 04:46 81920 c:\windows\$hf_mig$\KB969897\SP3GDR\ieencode.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 39424 c:\windows\$hf_mig$\KB969897\SP2QFE\pngfilt.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 16384 c:\windows\$hf_mig$\KB969897\SP2QFE\jsproxy.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 96256 c:\windows\$hf_mig$\KB969897\SP2QFE\inseng.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 81920 c:\windows\$hf_mig$\KB969897\SP2QFE\ieencode.dll
+ 2009-04-27 09:29 . 2009-04-27 09:29 18432 c:\windows\$hf_mig$\KB969897\SP2QFE\iedw.exe
+ 2009-04-29 04:31 . 2009-04-29 04:31 55808 c:\windows\$hf_mig$\KB969897\SP2QFE\extmgr.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
- 2008-07-03 09:14 . 2009-02-19 09:47 351744 c:\windows\system32\xpsp3res.dll
+ 2008-07-03 09:14 . 2009-04-27 09:18 351744 c:\windows\system32\xpsp3res.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 616448 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 616448 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 532480 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 146432 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 449024 c:\windows\system32\mshtmled.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-04 12:00 . 2009-04-29 04:52 251392 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 251392 c:\windows\system32\iepeers.dll
+ 2004-09-14 20:38 . 2008-04-17 11:12 107368 c:\windows\system32\GEARAspi.dll
- 2004-11-09 20:22 . 2009-03-11 08:33 110992 c:\windows\system32\FNTCACHE.DAT
+ 2004-11-09 20:22 . 2009-06-11 07:55 110992 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2009-04-29 04:52 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 357888 c:\windows\system32\dxtmsft.dll
+ 2009-06-10 15:07 . 2008-04-17 11:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 659456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 659456 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-06-16 14:55 119808 c:\windows\system32\dllcache\t2embed.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 12:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 532480 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 151040 c:\windows\system32\cdfview.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 151040 c:\windows\system32\cdfview.dll
+ 2008-11-13 00:47 . 2008-11-13 00:47 491520 c:\windows\Installer\f20a1.msi
+ 2008-10-03 16:49 . 2008-10-03 16:49 431104 c:\windows\Installer\e8ce6a.msi
+ 2008-10-02 18:37 . 2008-10-02 18:37 239616 c:\windows\Installer\c0826.msi
+ 2008-10-02 18:37 . 2008-10-02 18:37 321536 c:\windows\Installer\c0820.msi
+ 2008-10-02 18:36 . 2008-10-02 18:36 291328 c:\windows\Installer\c080c.msi
+ 2008-10-02 18:35 . 2008-10-02 18:35 121344 c:\windows\Installer\c0802.msi
+ 2008-10-02 18:35 . 2008-10-02 18:35 477696 c:\windows\Installer\c07fc.msi
+ 2008-10-02 18:35 . 2008-10-02 18:35 121344 c:\windows\Installer\c07f2.msi
+ 2008-10-02 18:35 . 2008-10-02 18:35 344064 c:\windows\Installer\c07ec.msi
+ 2008-10-02 18:35 . 2008-10-02 18:35 338944 c:\windows\Installer\c07e6.msi
+ 2008-10-02 18:35 . 2008-10-02 18:35 557056 c:\windows\Installer\c07e0.msi
+ 2008-10-02 18:35 . 2008-10-02 18:35 325632 c:\windows\Installer\c07d6.msi
+ 2008-10-02 18:35 . 2008-10-02 18:35 316416 c:\windows\Installer\c07d0.msi
+ 2008-10-02 18:35 . 2008-10-02 18:35 467456 c:\windows\Installer\c07ca.msi
+ 2008-10-02 18:34 . 2008-10-02 18:34 488448 c:\windows\Installer\c07c3.msi
+ 2008-10-02 18:34 . 2008-10-02 18:34 537088 c:\windows\Installer\c07bc.msi
+ 2008-10-02 18:34 . 2008-10-02 18:34 121344 c:\windows\Installer\c07a7.msi
+ 2008-10-02 18:34 . 2008-10-02 18:34 489472 c:\windows\Installer\c07a1.msi
+ 2008-10-02 18:33 . 2008-10-02 18:33 667136 c:\windows\Installer\c079a.msi
+ 2008-10-02 18:33 . 2008-10-02 18:33 492032 c:\windows\Installer\c0793.msi
+ 2008-10-02 18:33 . 2008-10-02 18:33 121344 c:\windows\Installer\c078c.msi
+ 2008-10-02 18:33 . 2008-10-02 18:33 183296 c:\windows\Installer\c0783.msi
+ 2008-10-02 18:33 . 2008-10-02 18:33 425984 c:\windows\Installer\c0779.msi
+ 2008-10-02 18:33 . 2008-10-02 18:33 437248 c:\windows\Installer\c0773.msi
+ 2008-10-02 18:33 . 2008-10-02 18:33 202240 c:\windows\Installer\c076c.msi
+ 2008-10-02 18:32 . 2008-10-02 18:32 795136 c:\windows\Installer\c0766.msi
+ 2008-10-02 18:32 . 2008-10-02 18:32 547840 c:\windows\Installer\c0760.msi
+ 2008-10-02 18:32 . 2008-10-02 18:32 637952 c:\windows\Installer\c0759.msi
+ 2008-10-02 18:32 . 2008-10-02 18:32 334848 c:\windows\Installer\c0753.msi
+ 2004-11-09 20:23 . 2004-11-09 20:23 264704 c:\windows\Installer\b53a.msi
+ 2009-01-01 18:23 . 2009-01-01 18:23 562176 c:\windows\Installer\7a424.msi
+ 2005-03-31 04:33 . 2005-03-31 04:33 621056 c:\windows\Installer\73abb.msi
+ 2008-10-03 14:21 . 2008-10-03 14:21 337408 c:\windows\Installer\613055.msi
+ 2008-10-06 23:17 . 2008-10-06 23:17 836096 c:\windows\Installer\4269b8.msi
+ 2008-11-12 00:50 . 2008-11-12 00:50 432640 c:\windows\Installer\1652940.msi
+ 2008-10-02 14:10 . 2008-10-02 14:10 289792 c:\windows\Installer\12df8.msi
+ 2009-02-23 10:34 . 2009-02-23 10:34 972800 c:\windows\Installer\11156f.msi
+ 2005-03-31 04:46 . 2005-03-31 04:46 377344 c:\windows\Installer\10109.msi
+ 2005-03-31 04:45 . 2005-03-31 04:45 226304 c:\windows\Installer\100f8.msi
+ 2009-06-10 15:07 . 2009-06-10 15:07 102400 c:\windows\Installer\{5D601655-6D54-4384-B52C-17EC5385FBBD}\iTunesIco.exe
+ 2009-06-11 00:13 . 2009-02-19 09:47 351744 c:\windows\$NtUninstallKB970238$\xpsp3res.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe
+ 2009-06-11 00:13 . 2004-08-04 12:00 581120 c:\windows\$NtUninstallKB970238$\rpcrt4.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe
+ 2009-06-11 00:13 . 2009-04-15 09:24 351744 c:\windows\$NtUninstallKB969897$\xpsp3res.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 659456 c:\windows\$NtUninstallKB969897$\wininet.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 616448 c:\windows\$NtUninstallKB969897$\urlmon.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969897$\spuninst\updspapi.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969897$\spuninst\spuninst.exe
+ 2009-06-11 00:13 . 2009-02-20 08:30 474112 c:\windows\$NtUninstallKB969897$\shlwapi.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 532480 c:\windows\$NtUninstallKB969897$\mstime.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 146432 c:\windows\$NtUninstallKB969897$\msrating.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 449024 c:\windows\$NtUninstallKB969897$\mshtmled.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 251392 c:\windows\$NtUninstallKB969897$\iepeers.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 205312 c:\windows\$NtUninstallKB969897$\dxtrans.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 357888 c:\windows\$NtUninstallKB969897$\dxtmsft.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 151040 c:\windows\$NtUninstallKB969897$\cdfview.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe
+ 2009-06-11 00:13 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2009-06-11 00:13 . 2004-08-04 12:00 341504 c:\windows\$NtUninstallKB961501$\localspl.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2009-06-11 00:13 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\$hf_mig$\KB970238\SP3GDR\rpcrt4.dll
+ 2009-04-15 09:24 . 2009-04-15 09:24 351744 c:\windows\$hf_mig$\KB970238\SP2QFE\xpsp3res.dll
+ 2009-04-15 15:26 . 2009-04-15 15:26 583168 c:\windows\$hf_mig$\KB970238\SP2QFE\rpcrt4.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe
+ 2009-06-11 00:13 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe
+ 2009-06-11 00:13 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969897\update\updspapi.dll
+ 2009-06-11 00:13 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969897\update\update.exe
+ 2009-06-11 00:13 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969897\spuninst.exe
+ 2009-04-29 04:21 . 2009-04-29 04:21 668160 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
+ 2009-04-29 04:21 . 2009-04-29 04:21 620032 c:\windows\$hf_mig$\KB969897\SP3QFE\urlmon.dll
+ 2009-04-29 04:46 . 2009-04-29 04:46 666624 c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
+ 2009-04-29 04:46 . 2009-04-29 04:46 620032 c:\windows\$hf_mig$\KB969897\SP3GDR\urlmon.dll
+ 2009-04-27 09:18 . 2009-04-27 09:18 351744 c:\windows\$hf_mig$\KB969897\SP2QFE\xpsp3res.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 668160 c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 619520 c:\windows\$hf_mig$\KB969897\SP2QFE\urlmon.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 474112 c:\windows\$hf_mig$\KB969897\SP2QFE\shlwapi.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 532480 c:\windows\$hf_mig$\KB969897\SP2QFE\mstime.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 146432 c:\windows\$hf_mig$\KB969897\SP2QFE\msrating.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 449024 c:\windows\$hf_mig$\KB969897\SP2QFE\mshtmled.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 251904 c:\windows\$hf_mig$\KB969897\SP2QFE\iepeers.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 205312 c:\windows\$hf_mig$\KB969897\SP2QFE\dxtrans.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 357888 c:\windows\$hf_mig$\KB969897\SP2QFE\dxtmsft.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 151040 c:\windows\$hf_mig$\KB969897\SP2QFE\cdfview.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2009-06-11 00:13 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2009-06-11 00:13 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2009-06-11 00:13 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2009-06-11 00:13 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\$hf_mig$\KB961501\SP3GDR\localspl.dll
+ 2009-05-07 15:26 . 2009-05-07 15:26 346112 c:\windows\$hf_mig$\KB961501\SP2QFE\localspl.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 1326080 c:\windows\system32\webfldrs.msi
+ 2004-08-04 12:00 . 2009-04-29 04:52 1495552 c:\windows\system32\shdocvw.dll
- 2004-08-04 12:00 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 3060736 c:\windows\system32\mshtml.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-06-10 15:04 . 2009-06-05 10:42 2060288 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll
+ 2009-06-10 15:04 . 2009-06-05 10:42 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2004-08-04 12:00 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 12:00 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 12:00 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 3060736 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 1054208 c:\windows\system32\dllcache\danim.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 1023488 c:\windows\system32\dllcache\browseui.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 1023488 c:\windows\system32\dllcache\browseui.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 1054208 c:\windows\system32\danim.dll
+ 2004-08-04 12:00 . 2009-04-29 04:52 1054208 c:\windows\system32\danim.dll
+ 2008-10-02 14:04 . 2005-03-31 04:32 9207808 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
+ 2004-08-04 12:00 . 2009-04-29 04:52 1023488 c:\windows\system32\browseui.dll
- 2004-08-04 12:00 . 2009-02-20 08:30 1023488 c:\windows\system32\browseui.dll
+ 2007-05-25 11:08 . 2007-05-25 11:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-07-15 22:12 . 2008-07-15 22:12 1298432 c:\windows\Installer\dd493.msp
+ 2008-10-02 18:37 . 2008-10-02 18:37 1939968 c:\windows\Installer\c0819.msi
+ 2008-10-02 18:36 . 2008-10-02 18:36 1332224 c:\windows\Installer\c0813.msi
+ 2008-10-02 18:34 . 2008-10-02 18:34 3155456 c:\windows\Installer\c07b5.msi
+ 2008-10-02 18:33 . 2008-10-02 18:33 1241600 c:\windows\Installer\c0786.msi
+ 2009-06-10 15:07 . 2009-06-10 15:07 4074496 c:\windows\Installer\8a9442.msi
+ 2009-06-10 15:06 . 2009-06-10 15:06 1659392 c:\windows\Installer\8a941f.msi
+ 2009-06-10 15:06 . 2009-06-10 15:06 8992256 c:\windows\Installer\8a9419.msi
+ 2009-06-10 15:05 . 2009-06-10 15:05 1549312 c:\windows\Installer\8a93df.msi
+ 2009-06-10 15:04 . 2009-06-10 15:04 3295232 c:\windows\Installer\8a93d9.msi
+ 2005-03-31 04:33 . 2005-03-31 04:33 1620992 c:\windows\Installer\73ac1.msi
+ 2005-03-31 04:32 . 2005-03-31 04:32 3443712 c:\windows\Installer\64127.msi
+ 2008-10-03 13:54 . 2008-10-03 13:54 3485184 c:\windows\Installer\477f4f.msi
+ 2008-10-05 04:12 . 2008-10-05 04:12 4784128 c:\windows\Installer\30528.msp
+ 2009-05-21 19:19 . 2009-05-21 19:19 1466368 c:\windows\Installer\295d3e.msi
+ 2009-01-15 03:35 . 2009-01-15 03:35 4830720 c:\windows\Installer\12e3830.msp
+ 2005-03-31 04:55 . 2005-03-31 04:55 1346048 c:\windows\Installer\10125.msi
+ 2005-03-31 04:54 . 2005-03-31 04:54 5117440 c:\windows\Installer\1011c.msi
+ 2005-03-31 04:46 . 2005-03-31 04:46 2247680 c:\windows\Installer\10100.msi
+ 2005-03-31 04:44 . 2005-03-31 04:44 2589696 c:\windows\Installer\1008c.msi
+ 2003-11-03 21:06 . 2003-11-03 21:06 2250100 c:\windows\Cache\Adobe Reader 6.0.1\ENUBIG\Adobe Reader 6.0.1.msi
+ 2009-06-11 00:13 . 2009-03-02 23:52 1495552 c:\windows\$NtUninstallKB969897$\shdocvw.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 3059712 c:\windows\$NtUninstallKB969897$\mshtml.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 1054208 c:\windows\$NtUninstallKB969897$\danim.dll
+ 2009-06-11 00:13 . 2009-02-20 08:30 1023488 c:\windows\$NtUninstallKB969897$\browseui.dll
+ 2009-06-11 00:13 . 2009-02-09 10:19 1846272 c:\windows\$NtUninstallKB968537$\win32k.sys
+ 2009-04-29 04:21 . 2009-04-29 04:21 1499136 c:\windows\$hf_mig$\KB969897\SP3QFE\shdocvw.dll
+ 2009-04-29 04:21 . 2009-04-29 04:21 3069440 c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
+ 2009-04-29 04:46 . 2009-04-29 04:46 1499136 c:\windows\$hf_mig$\KB969897\SP3GDR\shdocvw.dll
+ 2009-04-29 04:46 . 2009-04-29 04:46 3068928 c:\windows\$hf_mig$\KB969897\SP3GDR\mshtml.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 1499136 c:\windows\$hf_mig$\KB969897\SP2QFE\shdocvw.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 3068928 c:\windows\$hf_mig$\KB969897\SP2QFE\mshtml.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 1054208 c:\windows\$hf_mig$\KB969897\SP2QFE\danim.dll
+ 2009-04-29 04:31 . 2009-04-29 04:31 1024000 c:\windows\$hf_mig$\KB969897\SP2QFE\browseui.dll
+ 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2009-04-17 12:26 . 2009-04-17 12:26 1847168 c:\windows\$hf_mig$\KB968537\SP3GDR\win32k.sys
+ 2009-04-17 10:09 . 2009-04-17 10:09 1847936 c:\windows\$hf_mig$\KB968537\SP2QFE\win32k.sys
+ 2008-10-03 16:49 . 2008-10-03 16:49 19210240 c:\windows\Installer\e8ceb4.msp
+ 2008-10-05 21:42 . 2008-10-05 21:42 15256576 c:\windows\Installer\7190b7.msp
+ 2009-02-22 21:01 . 2009-02-22 21:01 19678208 c:\windows\Installer\198ea6.msi
+ 2005-03-31 04:56 . 2005-03-31 04:56 11746816 c:\windows\Installer\10130.msi
+ 2005-03-31 04:48 . 2005-03-31 04:48 20034560 c:\windows\Downloaded Installations\{EA6652A6-343E-4645-AF84-0BACF426C950}\iTunes.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15aebf3b-abd5-4570-bf88-4e8f30997a10}]
2004-08-04 12:00 104960 ------w- c:\windows\system32\fdwbplx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 11:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/10/2008 15:21 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/10/2008 15:21 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14/05/2009 14:22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14/05/2009 14:22 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/10/2008 15:21 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/10/2008 15:21 298776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14/05/2009 14:22 7408]
S2 Aniptjoiz;Aniptjoiz;c:\windows\System32\svchost.exe -k netsvcs [04/08/2004 13:00 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Aniptjoiz
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: skills-arena.co.uk\www
Trusted Zone: skills-arena.com\www
Trusted Zone: skillsarena.co.uk\www
Trusted Zone: skillsarena.com\www
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c6x4hwuf.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-15 18:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2009-07-15 18:55
ComboFix-quarantined-files.txt 2009-07-15 17:55
ComboFix2.txt 2009-05-12 22:45
ComboFix3.txt 2009-05-07 17:54

Pre-Run: 117,927,284,736 bytes free
Post-Run: 118,065,664,000 bytes free

457 --- E O F --- 2009-07-15 00:34


Thxs!
All times are GMT +1.