Active Desktop Recovery update with malwarebytes now email problem please help
Comments
-
Sorry to bump this thread but am really worried to find out if I could have infected someone else's email,
supposed to be starting a new venture with this person and now this, feel gutted
-
Just a message to say people are looking - but will need to wait for the real techies. Think the hijack log says there is mywebsearch which is a problem going around on 2 other boards. But please wait for some better guidance!
-
TICK and FIX this in hijack ~
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZBzeb032YYGB
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
-
Results from ComboFix: the active desktop recovery and white screen has gone, comp a bit slow. Can I ask aliEnrik please, would I have affected other computers sending an email, so I can then warn them, and will I have to change all my passwords etc.? Thanks in advance. REALLY SORRY aliEnrik I COPIED EVERYTHING DOWN FORGOT TO ERASE STUFF YOU DON'T NEED, SORRY
ComboFix 10-05-24.07 - martyn burke 25/05/2010 19:05:39.2.1 - x86
Running from: c:\documents and settings\martyn burke\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.
2010-05-25 05:49 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-25 05:48 . 2010-05-25 05:48 -------- d-----w- c:\windows\LastGood
2010-05-25 05:48 . 2010-05-25 05:48 -------- d-----w- c:\program files\Panda Security
2010-05-23 09:40 . 2010-05-23 09:40 61440 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41caab6b-n\decora-sse.dll
2010-05-23 09:40 . 2010-05-23 09:40 503808 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5c0e0be6-n\msvcp71.dll
2010-05-23 09:40 . 2010-05-23 09:40 348160 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5c0e0be6-n\msvcr71.dll
2010-05-23 09:40 . 2010-05-23 09:40 12800 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41caab6b-n\decora-d3d.dll
2010-05-23 09:40 . 2010-05-23 09:40 499712 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5c0e0be6-n\jmc.dll
2010-05-18 17:05 . 2010-05-18 17:05 -------- d-----w- c:\documents and settings\martyn burke\.fontconfig
2010-05-16 09:40 . 2010-05-16 09:40 503808 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-747ace25-n\msvcp71.dll
2010-05-16 09:40 . 2010-05-16 09:40 348160 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-747ace25-n\msvcr71.dll
2010-05-16 09:40 . 2010-05-16 09:40 61440 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30a2a432-n\decora-sse.dll
2010-05-16 09:40 . 2010-05-16 09:40 499712 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-747ace25-n\jmc.dll
2010-05-16 09:40 . 2010-05-16 09:40 12800 ----a-w- c:\documents and settings\martyn burke\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30a2a432-n\decora-d3d.dll
2010-04-28 14:00 . 2010-03-26 09:33 43008 ----a-w- c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-28 14:00 . 2010-03-26 09:33 339456 ----a-w- c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-28 14:00 . 2010-03-26 09:32 346112 ----a-w- c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-28 14:00 . 2010-03-26 09:33 1496064 ----a-w- c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 05:03 . 2007-01-28 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-23 07:23 . 2008-08-29 16:27 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-19 15:37 . 2009-02-06 11:52 1 ----a-w- c:\documents and settings\martyn burke\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-18 17:44 . 2009-10-21 16:55 -------- d-----w- c:\documents and settings\martyn burke\Application Data\gtk-2.0
2010-05-12 21:16 . 2009-07-11 19:22 -------- d-----w- c:\documents and settings\martyn burke\Application Data\FileZilla
2010-05-12 17:23 . 2008-08-30 12:56 -------- d-----w- c:\program files\Defraggler
2010-05-12 17:17 . 2010-02-17 07:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 16:28 . 2009-05-29 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-12 10:21 . 2010-02-17 19:52 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 14:30 . 2010-02-21 19:36 117760 ----a-w- c:\documents and settings\martyn burke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-04 19:01 . 2008-09-30 11:47 -------- d-----w- c:\documents and settings\martyn burke\Application Data\Skype
2010-05-04 15:01 . 2008-09-20 08:05 -------- d-----w- c:\documents and settings\martyn burke\Application Data\skypePM
2010-04-29 14:39 . 2010-02-17 07:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-02-17 07:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 17:19 . 2009-07-11 19:21 -------- d-----w- c:\program files\FileZilla FTP Client
2010-03-10 06:15 . 2003-08-01 05:40 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-23 19:32 916480 ----a-w- c:\windows\system32\wininet.dll
2006-05-07 10:34 . 2005-05-11 08:26 278528 -c--a-w- c:\program files\Common Files\FDEUnInstaller.exe
2008-06-30 12:44 . 2008-06-24 08:07 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2002-04-16 11:27 . 2002-04-16 11:27 5 -csha-w- c:\windows\system32\CdI5T.drv
.
((((((((((((((((((((((((((((( SnapShot@2010-02-17_16.37.45 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 68856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 356352]
"BinatoneInternetPhone"="c:\program files\Binatone Internet Phone\BinatoneInternetPhone.exe" [2007-06-29 413696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\martyn burke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-26 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2003-06-23 1171456]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 88267]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Motive SmartBridge"="c:\progra~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe" [2006-05-24 458839]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-18 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\martyn burke\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-29 53248]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-2-7 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-2-7 106496]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-12 967960]
Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2003-8-1 208896]
Timer Recording Manager.lnk - c:\program files\sony\giga pocket\ReserveModule.exe [2003-8-5 262144]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
2006-11-30 10:51 935936 ----a-w- c:\program files\btbb_wcm\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2005-10-04 15:12 2260992 ----a-w- c:\windows\kdx\khost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-02-12 16:59 77824 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 13:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-01-10 16:41 223984 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\sony\\giga pocket\\gps.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\sony\\vaio media 2.5\\Vc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 SonyKBS;Keyboard State Detection Service;c:\windows\system32\drivers\SonyKBS.sys [28/02/2003 14:12 7936]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\MARTYN~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\MARTYN~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\MARTYN~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\MARTYN~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2010 11:30 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27/08/2009 12:23 13224]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [05/08/2008 17:45 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [05/08/2008 17:45 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [05/08/2008 17:45 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [05/08/2008 17:45 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [05/08/2008 17:45 100008]
S3 SASENUM;SASENUM;\??\c:\docume~1\MARTYN~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\MARTYN~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:30]
2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:30]
2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1104450739-1078714452-4125110591-1005Core.job
- c:\documents and settings\martyn burke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-26 15:55]
-
2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1104450739-1078714452-4125110591-1005UA.job
- c:\documents and settings\martyn burke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-26 15:55]
.
.
Supplementary Scan
.
uStart Page = hxxp://yahoo.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/uk/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p=
FF - component: c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\martyn burke\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPEyeCheck.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 19:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1280)
c:\windows\system32\WININET.dll
c:\progra~1\BTBROA~1\SMARTB~1\SBHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
Completion time: 2010-05-25 19:17:54
ComboFix-quarantined-files.txt 2010-05-25 18:17
Pre-Run: 5,368,885,248 bytes free
Post-Run: 5,333,880,832 bytes free
- - End Of File - - 110FAA7174AEED82CB055BF60C4A412B
-
sorry to bump again and sorry for mistake in putting all info in last posts, just wondered if it is safe for me to be signing in to my accounts etc, really knocked my duck off somebody using my email for spam
-
Log seems fine
Download CCLEANER (Cleans the computer)
http://www.piriform.com/ccleaner/download/slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
I'm thinking SAGE might be a part of the problem. From what I've seen the software is awful, and clearly it's email related.
-
sorry about this, just wondering if somebody could let me know if comp ok, start up was really slow and very sticky when using it and my antivirus is on but icon in toolbar has disappeared, just wondered if this is relevant and what else i can do.
supposed to be signing up to a site yesterday but still a bit wary with email etc, any more advice would be most welcome and thank you in advance
-
sorry aliEnrik, was writing post out when you must have posted, will do what you say and get back
This discussion has been closed.