trojan downloader help

jinky67

+ 2009-06-13 19:13 . 2009-04-30 12:00 521728 c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.21051_none_cd32470ce586a3ab\ehui.dll
+ 2009-06-13 19:12 . 2009-04-30 12:42 517632 c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16856_none_ccadd391cc644f52\ehui.dll
+ 2009-06-13 19:12 . 2009-04-30 12:16 105472 c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22423_none_273f9b1b7b253f90\ehPresenter.dll
+ 2009-06-13 19:12 . 2009-04-30 12:33 105472 c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18254_none_26968cf0621f0fc9\ehPresenter.dll
+ 2009-06-13 19:12 . 2009-04-30 12:00 105472 c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.21051_none_2536c2597e1905df\ehPresenter.dll
+ 2009-06-13 19:12 . 2009-04-30 12:41 105472 c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16856_none_24b24ede64f6b186\ehPresenter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:01 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6002.22126_none_3019d864cf578034\ehPlayer.dll
+ 2009-06-13 19:13 . 2009-04-30 11:47 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6002.18030_none_2f7f69f1b6476451\ehPlayer.dll
+ 2009-06-13 19:13 . 2009-04-30 12:16 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6001.22423_none_2e30659ed233df0b\ehPlayer.dll
+ 2009-06-13 19:13 . 2009-04-30 12:33 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6001.18254_none_2d875773b92daf44\ehPlayer.dll
+ 2009-06-13 19:13 . 2009-04-30 12:00 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6000.21051_none_2c278cdcd527a55a\ehPlayer.dll
+ 2009-06-13 19:12 . 2009-04-30 12:16 373248 c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22423_none_2fb2ddfc834d299c\ehglid.dll
+ 2009-06-13 19:12 . 2009-04-30 12:33 373248 c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18254_none_2f09cfd16a46f9d5\ehglid.dll
+ 2009-06-13 19:13 . 2009-04-30 12:00 372736 c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.21051_none_2daa053a8640efeb\ehglid.dll
+ 2009-06-13 19:13 . 2009-04-30 12:41 372224 c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16856_none_2d2591bf6d1e9b92\ehglid.dll
+ 2009-06-13 19:12 . 2009-04-30 11:47 173056 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22423_none_34a0ebecf3254d51\McrMgr.exe
+ 2009-06-13 19:12 . 2009-04-30 12:00 173056 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18254_none_33f7ddc1da1f1d8a\McrMgr.exe
+ 2009-06-13 19:13 . 2009-04-30 11:31 173056 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.21051_none_3298132af61913a0\McrMgr.exe
+ 2009-06-13 19:12 . 2009-04-30 12:09 173056 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16856_none_32139fafdcf6bf47\McrMgr.exe
+ 2009-06-13 19:12 . 2009-04-30 12:16 254464 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22423_none_152e7b96b8dde8f3\ehReplay.dll
+ 2009-06-13 19:12 . 2009-04-30 12:33 254464 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18254_none_14856d6b9fd7b92c\ehReplay.dll
+ 2009-06-13 19:13 . 2009-04-30 12:00 254464 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.21051_none_1325a2d4bbd1af42\ehReplay.dll
+ 2009-06-13 19:12 . 2009-04-30 12:41 252416 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16856_none_12a12f59a2af5ae9\ehReplay.dll
+ 2009-06-13 19:12 . 2009-04-30 12:19 180224 c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.22423_none_ce9aa784e2f278f7\cbva.dll
+ 2009-06-13 19:12 . 2009-04-30 12:37 180224 c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.18254_none_cdf19959c9ec4930\cbva.dll
+ 2009-06-13 19:12 . 2009-04-30 11:59 180224 c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.21051_none_cc91cec2e5e63f46\cbva.dll
+ 2009-06-13 19:12 . 2009-04-30 12:40 180224 c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.16856_none_cc0d5b47ccc3eaed\cbva.dll
+ 2009-06-10 18:28 . 2009-04-24 15:52 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21046_none_aa4961990ee2d227\advpack.dll
+ 2009-06-10 18:28 . 2009-04-24 16:11 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16851_none_a9b01b4df5d19c59\advpack.dll
+ 2009-06-13 19:13 . 2009-04-30 12:06 212992 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6002.22126_none_27de1592e29b9884\Microsoft.MediaCenter.dll
+ 2009-06-13 19:13 . 2009-04-30 11:54 212992 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6002.18030_none_2743a71fc98b7ca1\Microsoft.MediaCenter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:21 212992 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6001.22423_none_25f4a2cce577f75b\Microsoft.MediaCenter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 212992 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6001.18254_none_254b94a1cc71c794\Microsoft.MediaCenter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:09 225280 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.21051_none_23ebca0ae86bbdaa\Microsoft.MediaCenter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:56 225280 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16856_none_2367568fcf496951\Microsoft.MediaCenter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:06 188416 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6002.22126_none_c7f9169954229812\mcstore.dll
+ 2009-06-13 19:13 . 2009-04-30 11:54 188416 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6002.18030_none_c75ea8263b127c2f\mcstore.dll
+ 2009-06-13 19:12 . 2009-04-30 12:21 188416 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6001.22423_none_c60fa3d356fef6e9\mcstore.dll
+ 2009-06-13 19:12 . 2009-04-30 12:42 188416 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6001.18254_none_c56695a83df8c722\mcstore.dll
+ 2009-06-13 19:13 . 2009-04-30 12:09 212992 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6000.21051_none_c406cb1159f2bd38\mcstore.dll
+ 2009-06-13 19:13 . 2009-04-30 12:55 212992 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6000.16856_none_c382579640d068df\mcstore.dll
+ 2009-06-13 19:13 . 2009-04-30 12:06 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6002.22126_none_8d41cc615e8201b1\ehRecObj.dll
+ 2009-06-13 19:13 . 2009-04-30 11:54 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6002.18030_none_8ca75dee4571e5ce\ehRecObj.dll
+ 2009-06-13 19:13 . 2009-04-30 12:21 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6001.22423_none_8b58599b615e6088\ehRecObj.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6001.18254_none_8aaf4b70485830c1\ehRecObj.dll
+ 2009-06-13 19:13 . 2009-04-30 12:09 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6000.21051_none_894f80d9645226d7\ehRecObj.dll
+ 2009-06-13 19:13 . 2009-04-30 12:55 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6000.16856_none_88cb0d5e4b2fd27e\ehRecObj.dll
+ 2009-06-13 19:13 . 2009-04-30 12:09 135168 c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.21051_none_bd56e025daf6b2dd\ehexthost.exe
+ 2009-06-13 19:12 . 2009-04-30 12:55 135168 c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16856_none_bcd26caac1d45e84\ehexthost.exe
+ 2009-06-13 19:13 . 2009-04-30 12:06 839680 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6002.22126_none_de03aef7e5372a6c\ehepg.dll
+ 2009-06-13 19:13 . 2009-04-30 11:54 839680 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6002.18030_none_dd694084cc270e89\ehepg.dll
+ 2009-06-13 19:13 . 2009-04-30 12:21 839680 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6001.22423_none_dc1a3c31e8138943\ehepg.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 839680 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6001.18254_none_db712e06cf0d597c\ehepg.dll
+ 2009-06-13 19:13 . 2009-04-30 12:09 876544 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.21051_none_da11636feb074f92\ehepg.dll
+ 2009-06-13 19:13 . 2009-04-30 12:55 876544 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16856_none_d98ceff4d1e4fb39\ehepg.dll
+ 2008-12-08 12:18 . 2009-06-02 10:54 171594 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-11-27 15:36 . 2009-06-26 16:05 216148 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-08-07 16:54 . 2009-02-24 19:35 379640 c:\windows\System32\pxwave.dll
- 2008-08-07 16:54 . 2006-09-27 21:53 379640 c:\windows\System32\pxwave.dll
+ 2008-08-07 16:54 . 2009-02-24 19:35 187128 c:\windows\System32\pxmas.dll
+ 2008-08-07 16:54 . 2009-02-24 19:35 518904 c:\windows\System32\pxdrv.dll
+ 2008-08-07 16:54 . 2009-02-24 19:35 551672 c:\windows\System32\px.dll
- 2006-11-02 10:33 . 2009-04-20 15:19 601008 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-23 04:38 601008 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-20 15:19 106498 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-23 04:38 106498 c:\windows\System32\perfc009.dat
- 2009-04-18 08:24 . 2009-03-03 04:39 102912 c:\windows\System32\occache.dll
+ 2009-06-10 18:28 . 2009-04-24 16:04 102912 c:\windows\System32\occache.dll
- 2009-04-18 08:24 . 2009-03-03 04:38 671232 c:\windows\System32\mstime.dll
+ 2009-06-10 18:28 . 2009-04-24 16:03 671232 c:\windows\System32\mstime.dll
- 2009-04-18 08:24 . 2009-03-03 04:38 458240 c:\windows\System32\msfeeds.dll
+ 2009-06-10 18:28 . 2009-04-24 16:03 458240 c:\windows\System32\msfeeds.dll
- 2009-03-25 00:20 . 2009-03-09 05:19 148888 c:\windows\System32\javaws.exe
+ 2009-06-01 12:14 . 2009-06-01 12:14 148888 c:\windows\System32\javaws.exe
- 2009-03-25 00:20 . 2009-03-09 05:19 144792 c:\windows\System32\javaw.exe
+ 2009-06-01 12:14 . 2009-06-01 12:14 144792 c:\windows\System32\javaw.exe
- 2009-03-25 00:20 . 2009-03-09 05:19 144792 c:\windows\System32\java.exe
+ 2009-06-01 12:14 . 2009-06-01 12:14 144792 c:\windows\System32\java.exe
+ 2009-06-10 18:28 . 2009-04-24 16:02 270848 c:\windows\System32\iertutil.dll
- 2009-04-18 08:24 . 2009-03-03 04:37 389120 c:\windows\System32\iedkcs32.dll
+ 2009-06-10 18:28 . 2009-04-24 16:02 389120 c:\windows\System32\iedkcs32.dll
- 2009-04-18 08:24 . 2009-03-03 04:37 230400 c:\windows\System32\ieaksie.dll
+ 2009-06-10 18:28 . 2009-04-24 16:02 230400 c:\windows\System32\ieaksie.dll
- 2006-11-02 12:47 . 2009-03-22 20:34 338152 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:47 . 2009-06-11 07:14 338152 c:\windows\System32\FNTCACHE.DAT

jinky67

- 2008-11-27 12:30 . 2009-04-20 13:58 974880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-11-27 12:30 . 2009-06-27 10:17 974880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-06-02 13:27 . 2009-06-02 13:27 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F66110.exe
+ 2008-08-07 17:01 . 2009-06-10 21:33 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-08-07 17:01 . 2009-04-20 08:08 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-08-07 17:01 . 2009-06-10 21:33 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-08-07 17:01 . 2009-04-20 08:08 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-07 17:01 . 2009-06-10 21:33 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-08-07 17:01 . 2009-04-20 08:08 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-08-07 17:01 . 2009-04-20 08:08 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-08-07 17:01 . 2009-06-10 21:33 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-04-29 09:10 . 2009-04-29 09:10 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-12-12 14:58 . 2008-12-12 14:58 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-08-07 17:05 . 2008-08-07 17:05 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
+ 2008-08-07 17:05 . 2009-06-10 21:34 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2008-08-07 17:05 . 2008-08-07 17:05 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
+ 2008-08-07 17:05 . 2009-06-10 21:34 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
+ 2008-08-07 17:05 . 2009-06-10 21:34 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
- 2008-08-07 17:05 . 2008-08-07 17:05 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2009-01-18 16:05 . 2009-01-18 16:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2007-06-20 20:04 . 2007-06-20 20:04 161120 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F366_wkcvqr01.dll
+ 2007-06-21 20:48 . 2007-06-21 20:48 972128 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F365_wkcvqd01.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 212992 c:\windows\ehome\Microsoft.MediaCenter.dll
+ 2009-06-13 19:12 . 2009-04-30 12:42 188416 c:\windows\ehome\mcstore.dll
+ 2009-06-13 19:12 . 2009-04-30 12:00 173056 c:\windows\ehome\McrMgr.exe
- 2009-02-15 01:31 . 2008-12-05 04:32 173056 c:\windows\ehome\McrMgr.exe
- 2009-02-15 01:31 . 2008-12-05 04:31 253952 c:\windows\ehome\ehvid.exe
+ 2009-06-13 19:12 . 2009-04-30 10:28 253952 c:\windows\ehome\ehvid.exe
+ 2009-06-13 19:12 . 2009-04-30 12:33 522240 c:\windows\ehome\ehui.dll
- 2009-02-15 01:31 . 2008-12-05 04:32 522240 c:\windows\ehome\ehui.dll
- 2009-02-15 01:31 . 2008-12-05 04:32 254464 c:\windows\ehome\ehReplay.dll
+ 2009-06-13 19:12 . 2009-04-30 12:33 254464 c:\windows\ehome\ehReplay.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 532480 c:\windows\ehome\ehRecObj.dll
+ 2009-06-13 19:12 . 2009-04-30 12:33 105472 c:\windows\ehome\ehPresenter.dll
- 2009-02-15 01:31 . 2008-12-05 04:32 105472 c:\windows\ehome\ehPresenter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:33 278528 c:\windows\ehome\ehPlayer.dll
- 2009-02-15 01:31 . 2008-12-05 04:32 373248 c:\windows\ehome\ehglid.dll
+ 2009-06-13 19:12 . 2009-04-30 12:33 373248 c:\windows\ehome\ehglid.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 839680 c:\windows\ehome\ehepg.dll
+ 2009-06-13 19:12 . 2009-04-30 12:37 180224 c:\windows\ehome\cbva.dll
- 2009-02-15 01:31 . 2008-12-05 04:32 180224 c:\windows\ehome\cbva.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 212992 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-06-13 19:12 . 2009-04-30 12:42 188416 c:\windows\assembly\GAC_MSIL\mcstore\6.0.6000.0__31bf3856ad364e35\mcstore.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 532480 c:\windows\assembly\GAC_MSIL\ehRecObj\6.0.6000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 839680 c:\windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
+ 2009-05-13 09:16 . 2009-05-13 09:16 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-06-10 18:29 . 2009-04-21 11:42 2034688 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22119_none_bb61c0cdb0cab623\win32k.sys
+ 2009-06-10 18:29 . 2009-04-21 11:39 2034688 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18023_none_bac7525a97ba9a40\win32k.sys
+ 2009-06-10 18:29 . 2009-04-21 13:26 2034176 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22416_none_b9784e07b3a714fa\win32k.sys
+ 2009-06-10 18:29 . 2009-04-21 11:55 2033152 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18246_none_b8ce3f929aa1cbdc\win32k.sys
+ 2009-06-10 18:29 . 2009-04-21 11:55 2030080 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49\win32k.sys
+ 2009-06-10 18:29 . 2009-04-21 12:04 2028032 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16849_none_b6eb01ca9d7886f0\win32k.sys
+ 2009-05-06 09:01 . 2009-04-11 06:28 1835520 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll
+ 2009-05-06 09:01 . 2009-04-11 06:28 2032640 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiv2.dll
+ 2009-05-06 09:01 . 2009-04-11 06:28 1744384 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apds.dll
+ 2009-05-13 05:39 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22435_none_f2f64e4f84abbcec\OESpamFilter.dat
+ 2009-05-13 05:39 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18259_none_f25b10ee6b9abd39\OESpamFilter.dat
+ 2009-05-13 05:39 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21056_none_f0fb46578794b34f\OESpamFilter.dat
+ 2009-05-13 05:39 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16860_none_f060ffc26e84642a\OESpamFilter.dat
+ 2009-06-13 19:12 . 2009-04-30 12:02 1244672 c:\windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.21051_none_3d9893fe7ba30b35\mcmde.dll
+ 2009-06-13 19:12 . 2009-04-30 12:44 1244672 c:\windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16856_none_3d1420836280b6dc\mcmde.dll
+ 2009-06-10 18:28 . 2009-04-24 15:57 6071296 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22418_none_65294180c73d8731\ieframe.dll
+ 2009-06-10 18:28 . 2009-04-24 16:02 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18248_none_647f330bae383e13\ieframe.dll
+ 2009-06-10 18:28 . 2009-04-24 15:54 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21046_none_632068beca314d80\ieframe.dll
+ 2009-06-10 18:28 . 2009-04-24 16:14 6066176 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16851_none_62872273b12017b2\ieframe.dll
+ 2009-06-10 18:28 . 2009-04-24 15:41 3598336 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22121_none_159e8773387cb8b8\mshtml.dll
+ 2009-06-10 18:28 . 2009-04-23 12:14 3597824 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18024_none_1517eb861f5c64f3\mshtml.dll
+ 2009-06-10 18:28 . 2009-04-24 15:58 3582976 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22418_none_13c9e77d3b47f904\mshtml.dll
+ 2009-06-10 18:28 . 2009-04-24 16:03 3581952 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18248_none_131fd9082242afe6\mshtml.dll
+ 2009-06-10 18:28 . 2009-04-24 15:57 3598336 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21046_none_11c10ebb3e3bbf53\mshtml.dll
+ 2009-06-10 18:28 . 2009-04-24 16:17 3596288 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16851_none_1127c870252a8985\mshtml.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21046_none_fa10127687d0d070\ieapfltr.dat
+ 2008-01-21 02:24 . 2008-01-21 02:24 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16851_none_f976cc2b6ebf9aa2\ieapfltr.dat
+ 2009-06-10 18:28 . 2009-04-24 15:43 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22121_none_b73e8cb2ed1d28ef\urlmon.dll
+ 2009-06-10 18:28 . 2009-04-23 12:15 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18024_none_b6b7f0c5d3fcd52a\urlmon.dll
+ 2009-06-10 18:28 . 2009-04-24 16:00 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22418_none_b569ecbcefe8693b\urlmon.dll
+ 2009-06-10 18:28 . 2009-04-24 16:05 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18248_none_b4bfde47d6e3201d\urlmon.dll
+ 2009-06-10 18:28 . 2009-04-24 16:01 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21046_none_b36113faf2dc2f8a\urlmon.dll
+ 2009-06-10 18:28 . 2009-04-24 16:22 1159680 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16851_none_b2c7cdafd9caf9bc\urlmon.dll
+ 2009-06-13 19:13 . 2009-04-30 12:00 1498112 c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.21051_none_3a793943475c584d\ehuihlp.dll
+ 2009-06-13 19:12 . 2009-04-30 12:42 1497088 c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16856_none_39f4c5c82e3a03f4\ehuihlp.dll
+ 2009-06-13 19:12 . 2009-04-30 12:17 1384960 c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.22423_none_3685ee5032972d7f\Mcx2Filter.dll
+ 2009-06-13 19:12 . 2009-04-30 12:34 1384960 c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.18254_none_35dce0251990fdb8\Mcx2Filter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:03 1384960 c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.21051_none_347d158e358af3ce\Mcx2Filter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:44 1384960 c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.16856_none_33f8a2131c689f75\Mcx2Filter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:06 1970176 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6002.22126_none_3582bc9f6d832c6e\Microsoft.MediaCenter.UI.dll
+ 2009-06-13 19:13 . 2009-04-30 11:54 1970176 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6002.18030_none_34e84e2c5473108b\Microsoft.MediaCenter.UI.dll
+ 2009-06-13 19:13 . 2009-04-30 12:21 1970176 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22423_none_339949d9705f8b45\Microsoft.MediaCenter.UI.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 1970176 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18254_none_32f03bae57595b7e\Microsoft.MediaCenter.UI.dll
+ 2009-06-13 19:13 . 2009-04-30 12:09 2363392 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.21051_none_3190711773535194\Microsoft.MediaCenter.UI.dll
+ 2009-06-13 19:13 . 2009-04-30 12:56 2355200 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16856_none_310bfd9c5a30fd3b\Microsoft.MediaCenter.UI.dll
+ 2009-06-13 19:13 . 2009-04-30 12:06 1249280 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6002.22126_none_52f46defac2f2f54\Microsoft.MediaCenter.Shell.dll
+ 2009-06-13 19:13 . 2009-04-30 11:54 1249280 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6002.18030_none_5259ff7c931f1371\Microsoft.MediaCenter.Shell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:21 1249280 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6001.22423_none_510afb29af0b8e2b\Microsoft.MediaCenter.Shell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 1253376 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6001.18254_none_5061ecfe96055e64\Microsoft.MediaCenter.Shell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:09 1282048 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.21051_none_4f022267b1ff547a\Microsoft.MediaCenter.Shell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:56 1208320 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16856_none_4e7daeec98dd0021\Microsoft.MediaCenter.Shell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:06 4059136 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6002.22126_none_8df6ca3857eab8be\ehshell.dll
+ 2009-06-13 19:13 . 2009-04-30 11:54 4059136 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6002.18030_none_8d5c5bc53eda9cdb\ehshell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:21 4059136 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22423_none_8c0d57725ac71795\ehshell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 4059136 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18254_none_8b64494741c0e7ce\ehshell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:09 4395008 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.21051_none_8a047eb05dbadde4\ehshell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:55 4382720 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16856_none_89800b354498898b\ehshell.dll

jinky67

+ 2009-06-10 18:28 . 2009-04-24 16:05 1166336 c:\windows\System32\urlmon.dll
- 2009-04-18 08:24 . 2009-03-03 04:40 1166336 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2009-06-27 08:58 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-04-20 09:04 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-06-10 18:28 . 2009-04-24 16:03 3581952 c:\windows\System32\mshtml.dll
+ 2009-06-10 18:28 . 2009-04-24 16:02 6069248 c:\windows\System32\ieframe.dll
+ 2008-08-07 17:01 . 2009-06-10 21:33 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-07 17:01 . 2009-04-20 08:08 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-07 17:05 . 2009-06-10 21:34 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2008-08-07 17:05 . 2008-08-07 17:05 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
+ 2008-08-07 17:05 . 2009-06-10 21:34 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
- 2008-08-07 17:05 . 2008-08-07 17:05 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2008-12-18 16:48 . 2008-12-18 16:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 1970176 c:\windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 1253376 c:\windows\ehome\Microsoft.MediaCenter.Shell.dll
- 2009-02-15 01:31 . 2008-12-05 04:32 1384960 c:\windows\ehome\Mcx2Filter.dll
+ 2009-06-13 19:12 . 2009-04-30 12:34 1384960 c:\windows\ehome\Mcx2Filter.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 4059136 c:\windows\ehome\ehshell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 1970176 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 1253376 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
+ 2009-06-13 19:13 . 2009-04-30 12:42 4059136 c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
+ 2009-06-13 19:12 . 2009-04-30 12:02 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6002.22126_none_546c7a3e66c6e86b\ehres.dll
+ 2009-06-13 19:12 . 2009-04-30 11:47 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6002.18030_none_53d20bcb4db6cc88\ehres.dll
+ 2009-06-13 19:12 . 2009-04-30 12:16 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6001.22423_none_5283077869a34742\ehres.dll
+ 2009-06-13 19:12 . 2009-04-30 12:33 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6001.18254_none_51d9f94d509d177b\ehres.dll
+ 2009-06-13 19:12 . 2009-04-30 12:00 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.21051_none_507a2eb66c970d91\ehres.dll
+ 2009-06-13 19:12 . 2009-04-30 12:42 10101760 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16856_none_4ff5bb3b5374b938\ehres.dll
+ 2009-05-06 21:47 . 2009-06-27 07:37 66857107 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2006-11-02 10:24 . 2009-06-01 16:51 23635392 c:\windows\System32\mrt.exe
+ 2009-02-27 16:37 . 2009-02-27 16:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
+ 2009-06-13 19:12 . 2009-04-30 12:33 10111488 c:\windows\ehome\ehres.dll
.
-- Snapshot reset to current date --

jinky67

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-25 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\users\jinky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

jinky67

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{43597A08-21ED-471C-AE18-6998A0F6D651}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{96CA63A0-F8AA-4E47-B4FE-550B6F339306}c:\\users\\jinky\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xdn869rm\\housecall66[1].exe"= UDP:c:\users\jinky\appdata\local\microsoft\windows\temporary internet files\content.ie5\xdn869rm\housecall66[1].exe:housecall66[1].exe
"UDP Query User{EEC6CC16-EB4E-4DC7-870A-3C904ECFCEC5}c:\\users\\jinky\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xdn869rm\\housecall66[1].exe"= TCP:c:\users\jinky\appdata\local\microsoft\windows\temporary internet files\content.ie5\xdn869rm\housecall66[1].exe:housecall66[1].exe
"{FE6BA825-D158-40DD-8868-79101F23E0F8}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{26F66326-08FF-47EF-A069-36CF7C6A5F9A}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{6991FC5A-4799-416D-A2AA-603411194143}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{132AACF6-9E35-430F-963D-CF879E042C08}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{5D85B81E-8A67-480C-8A48-917A9CB8B415}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{9CAE2C58-4310-47D8-AB9D-CFDA4841A0D9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{198EC51B-2544-4B8E-8CCC-B32803D3549A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C49605CD-F65D-4F4D-95F1-829F2E398DA1}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{8299B871-AE05-4EED-A0AE-6D7D335A1C14}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [07/01/2009 21:59 114768]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [27/11/2008 13:26 25896]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [07/01/2009 21:59 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [07/01/2009 21:58 51792]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 00:19 40960]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/02/2009 03:42 55264]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [24/04/2008 10:21 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [06/02/2008 15:12 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [07/08/2008 17:24 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [24/10/2008 12:43 342016]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/08/2008 17:54 30192]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\User_Feed_Synchronization-{097E59B4-E338-4467-A135-E88C3842F328}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
FF - ProfilePath - c:\users\jinky\AppData\Roaming\Mozilla\Firefox\Profiles\j7p0uvx1.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=FomE3P9NvsszOwGr0I0ZUg&st=kwd&o=kwd&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&searchfor=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 16:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??

scanning hidden files ...


c:\users\jinky\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-06-27 16:33
ComboFix-quarantined-files.txt 2009-06-27 15:33
ComboFix2.txt 2009-04-20 16:23

Pre-Run: 47,213,998,080 bytes free
Post-Run: 46,866,087,936 bytes free

636 --- E O F --- 2009-06-26 06:23

aliEnRIK

Your definitely still infected

Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan (this is to remove 'temp' files which carry an infection)
Then run the REGISTRY scan (Backup the registry when it asks)


Open notepad and copy/paste the text in RED below

File::
c:\windows\system32\EncDec.dll
c:\windows\system32\psisdecd.dll
c:\windows\system32\win32k.sys
c:\windows\system32\divx_xx0c.dll
c:\windows\system32\divx_xx07.dll
c:\windows\system32\divx_xx0a.dll
c:\windows\system32\divx_xx16.dll
c:\windows\system32\divx_xx11.dll
c:\windows\system32\DivX.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ieencode.dll
c:\windows\system32\ieUnatt.exe
c:\windows\system32\localspl.dll


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.


run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1245225406761
Please post the complete log it creates (This only SCANS it DOESNT delete anything, so we'd need to see anything it finds)
The scan will likely take anywhere from 5 to 12 hours to complete!

jinky67

aliEnRIK wrote: »

Your definitely still infected

Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan (this is to remove 'temp' files which carry an infection)
Then run the REGISTRY scan (Backup the registry when it asks)


Open notepad and copy/paste the text in RED below

File::
c:\windows\system32\EncDec.dll
c:\windows\system32\psisdecd.dll
c:\windows\system32\win32k.sys
c:\windows\system32\divx_xx0c.dll
c:\windows\system32\divx_xx07.dll
c:\windows\system32\divx_xx0a.dll
c:\windows\system32\divx_xx16.dll
c:\windows\system32\divx_xx11.dll
c:\windows\system32\DivX.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ieencode.dll
c:\windows\system32\ieUnatt.exe
c:\windows\system32\localspl.dll


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.


run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1245225406761
Please post the complete log it creates (This only SCANS it DOESNT delete anything, so we'd need to see anything it finds)
The scan will likely take anywhere from 5 to 12 hours to complete!

:eek::eek::eek::eek::eek::eek::eek::eek::eek::eek::eek::eek:

you mean I must be MSEless for all that time:eek::eek::eek::eek::eek:

aliEnRIK

I think you can still use your computer (I wouldnt advise it mind)

jinky67

open notepad where sorry?
I am not technical at all :cool:

jinky67

found notepad, dont think i got the file into combofix though cos I couldnt find Combofix.txt anywhere