Win.MSSQL.worm.Helkern


Post by Kado420 on 25th April 2010, 4:35 am

Network intrusion detected, trying to figure out how to stop this recurring problem, but first I guess I need to figure out what files this has placed on my computer.

Kado420
Novice

Posts : 37
Joined : 2010-03-09
OS : Windows XP Home
Points : 25127
# Likes : 0

Re: Win.MSSQL.worm.Helkern

Post by Dr Jay on 25th April 2010, 7:11 pm

Hello. We need to do some diagnostics to get started.

1. Please download [You must be registered and logged in to see this link.] and Save it to your desktop
  • Double click it to start the tool.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

2. Download [You must be registered and logged in to see this link.] to your desktop
  • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply

3. Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.

5. I request the following logs to be posted in your next reply, please:
-Rooter
-LockSearch
-CKScanner
-Cheetah

Thanks.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13810
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302437
# Likes : 10

Re: Win.MSSQL.worm.Helkern

Post by Kado420 on 25th April 2010, 9:51 pm

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.6.3 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:465 Go - Free:412 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
.
Scan : 15:38.37
Path : C:\Documents and Settings\Cade\Desktop\Rooter.exe
User : Cade ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (888)
______ \??\C:\WINDOWS\system32\csrss.exe (936)
______ \??\C:\WINDOWS\system32\winlogon.exe (964)
______ C:\WINDOWS\system32\services.exe (1016)
______ C:\WINDOWS\system32\lsass.exe (1028)
______ C:\WINDOWS\system32\Ati2evxx.exe (1216)
______ C:\WINDOWS\system32\svchost.exe (1248)
______ C:\WINDOWS\system32\svchost.exe (1352)
______ C:\WINDOWS\System32\svchost.exe (1484)
______ C:\WINDOWS\system32\svchost.exe (1696)
______ C:\WINDOWS\system32\svchost.exe (1844)
______ C:\WINDOWS\system32\spoolsv.exe (1968)
Locked avp.exe (400)
______ C:\WINDOWS\system32\inetsrv\inetinfo.exe (456)
______ C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (596)
______ C:\WINDOWS\system32\IoctlSvc.exe (704)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (744)
______ C:\WINDOWS\System32\snmp.exe (112)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1452)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2060)
______ C:\WINDOWS\System32\alg.exe (2188)
______ C:\WINDOWS\Explorer.EXE (3184)
______ C:\WINDOWS\stsystra.exe (4032)
Locked avp.exe (2220)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (2772)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (3456)
______ C:\WINDOWS\system32\ctfmon.exe (1536)
______ C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (3792)
Locked avp.exe (1716)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3368)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (3176)
Locked klwtblfs.exe (1396)
______ C:\WINDOWS\system32\wuauclt.exe (2004)
______ C:\Documents and Settings\Cade\Desktop\Rooter.exe (3016)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:500096991744)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1563985344-725345543-1003Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1563985344-725345543-1003UA.job
C:\WINDOWS\Tasks\Regwork.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 15:38.50
.
C:\Rooter$\Rooter_1.txt - (25/04/2010 | 15:38.50)




LockSearch by jpshortstuff (05.11.09.1)
Log created at 15:40 on 25/04/2010 (Cade)
Scanning C:\


C:\pagefile.sys
-------------------------

-=E.O.F=-







CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\cade\my documents\my music\frooty loopz\fl studio 6.0.8 + crack.aka fruity loops+all plugins unlocked!(xxl edition)\fl studio 6.0.8_install.exe
c:\documents and settings\cade\my documents\my music\frooty loopz\fl studio 6.0.8 + crack.aka fruity loops+all plugins unlocked!(xxl edition)\flregkey.reg
c:\sun\sdk\docs\api\com\sun\appserv\web\cache\cachekeygenerator.html
scanner sequence 3.CP.11
----- EOF -----




Cheetah-Anti-Rogue v1.4.1
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 04/25/2010 - Time: 15:50:41 - Arch.: x86


-- Malware removal tools check --
Malwarebytes' Anti-Malware
SUPERAntiSpyware


-- Known infection --



Extra message: Detection only.


EOF


Re: Win.MSSQL.worm.Helkern

Post by Kado420 on 25th April 2010, 10:14 pm

I have recently formatted everything trying to completely remove this from my computer, but it's caused a lot of problems such as losing all my drivers and programs. I've tried to restore a lot of the drivers from an external HD that I had some stored on. I have tried to get the rest and other things from Windows Update, but I keep getting Error number: 0x80072F8F saying the time is out of sync. I have done the 3 recommended resolutions, which were no help. When I formatted, all I had was an old XP SP2 disk that wasn't even what came with the system, but I have manually upgraded to SP3 and used a trial version of DriverMax to slowly try to get drivers, but I can only get 2 a day. I've been going back and forth and rebuilding/starting over for months now because of this guy. No matter what I do or how well I fix everything though, it always returns and f*** shit up again. I just want to get rid of it once and for all. I'm blue in the face and have literally spent more than 60 hours dealing with this mess and have lost hundreds of dollars worth of programs I can't get back, and paid a computer guy to fix a bunch of stuff, which was useless cuz I had to format anyway.... Sorry lol had to vent


Re: Win.MSSQL.worm.Helkern

Post by Dr Jay on 26th April 2010, 3:27 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)




Re: Win.MSSQL.worm.Helkern

Post by Kado420 on 26th April 2010, 8:33 am

I did what you asked, but what about the Windows Update?

ComboFix 10-04-21.01 - Cade 04/26/2010 2:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1493 [GMT -6:00]
Running from: c:\documents and settings\Cade\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\Cache
c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-25 21:38 . 2010-04-25 21:38 -------- d-----w- C:\Rooter$
2010-04-25 18:39 . 2010-04-25 18:39 -------- d-sh--w- c:\documents and settings\Cade\PrivacIE
2010-04-25 18:37 . 2010-04-25 18:37 -------- d-sh--w- c:\documents and settings\Cade\IETldCache
2010-04-25 18:33 . 2010-04-25 18:35 -------- dc-h--w- c:\windows\ie8
2010-04-25 06:14 . 2010-04-25 06:14 -------- d-----w- c:\windows\system32\en
2010-04-25 06:14 . 2010-04-25 06:14 -------- d-----w- c:\windows\system32\bits
2010-04-25 06:03 . 2010-04-25 06:15 -------- d-----w- c:\windows\ServicePackFiles
2010-04-25 05:21 . 2010-04-25 05:21 -------- d-----w- c:\documents and settings\Cade\Application Data\NeroDigital™
2010-04-25 02:42 . 2010-04-25 02:42 -------- d-----w- C:\$NtUninstallXPSEP$
2010-04-25 02:26 . 2010-04-25 02:26 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Adobe
2010-04-25 02:25 . 2010-04-25 02:25 -------- d-----w- c:\program files\MSECache
2010-04-25 02:24 . 2010-04-25 02:24 -------- d-----w- c:\program files\MSBuild
2010-04-25 02:23 . 2010-04-25 02:23 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-25 02:20 . 2010-04-25 02:20 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-25 02:20 . 2010-04-25 02:20 -------- d-----w- c:\program files\Reference Assemblies
2010-04-25 02:19 . 2009-08-15 02:49 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-25 02:19 . 2006-06-29 19:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-25 02:14 . 2010-04-25 02:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-25 01:54 . 2010-04-25 01:54 52224 ----a-w- c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 01:53 . 2010-04-25 01:53 117760 ----a-w- c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 01:51 . 2010-04-25 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-25 01:51 . 2010-04-25 01:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-25 01:51 . 2010-04-25 01:51 -------- d-----w- c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com
2010-04-25 01:50 . 2010-04-25 01:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-22 02:06 . 2010-04-22 02:06 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Ahead
2010-04-22 02:04 . 2010-04-22 02:04 -------- d-----w- c:\documents and settings\Cade\Application Data\Nero
2010-04-22 02:01 . 2010-04-22 02:02 -------- d-----w- c:\program files\Common Files\Nero
2010-04-22 02:01 . 2010-04-22 02:01 -------- d-----w- c:\program files\Nero
2010-04-22 02:01 . 2010-04-22 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-22 00:14 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-22 00:09 . 2010-04-22 00:09 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-22 00:07 . 2010-04-22 00:08 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-21 23:56 . 2010-04-21 23:56 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Temp
2010-04-21 23:56 . 2010-04-21 23:57 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Google
2010-04-21 23:56 . 2010-04-21 23:56 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Deployment
2010-04-21 23:50 . 2010-04-25 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-21 23:50 . 2010-04-21 23:50 -------- d-----w- c:\program files\NOS
2010-04-21 23:50 . 2010-03-29 14:53 32576 ----a-w- c:\documents and settings\Cade\Application Data\Mozilla\Firefox\Profiles\4cbnuwlv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-04-21 23:50 . 2010-03-29 14:53 29984 ----a-w- c:\documents and settings\Cade\Application Data\Mozilla\Firefox\Profiles\4cbnuwlv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-04-21 23:47 . 2010-04-21 23:47 0 ----a-w- c:\windows\nsreg.dat
2010-04-21 23:47 . 2010-04-21 23:47 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Mozilla
2010-04-19 05:49 . 2010-04-19 05:49 -------- d-----w- C:\Sun
2010-04-19 05:16 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-16 17:51 . 2010-04-19 03:49 -------- d-----w- C:\rei
2010-04-16 17:51 . 2010-04-16 17:51 -------- d-----w- c:\program files\Reimage
2010-04-15 20:00 . 2010-04-15 20:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-15 14:46 . 2007-08-07 06:28 28272 ----a-w- c:\windows\system32\NicCo2.dll
2010-04-15 14:46 . 2007-11-29 04:38 40056 ----a-w- c:\windows\system32\NicInst.dll
2010-04-15 13:25 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-15 04:47 . 2010-04-15 04:47 159744 ----a-w- c:\documents and settings\Cade\Application Data\UB\DownLoadInst\liveupdate.exe
2010-04-15 04:44 . 2010-04-15 05:12 -------- d-----w- c:\program files\UB
2010-04-15 04:44 . 2010-04-15 04:46 -------- d-----w- c:\documents and settings\Cade\Application Data\UB
2010-04-15 04:44 . 2010-04-15 04:44 -------- d-----w- c:\program files\_uninstallation_info
2010-04-15 03:20 . 2010-04-25 18:04 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-15 03:03 . 2010-04-15 03:03 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Innovative Solutions
2010-04-15 03:03 . 2010-04-15 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-04-15 03:03 . 2010-04-15 03:03 -------- d-----w- c:\program files\Innovative Solutions
2010-04-15 02:41 . 2010-04-15 02:41 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\RadarSync
2010-04-15 02:41 . 2010-04-15 02:42 -------- d-----w- c:\program files\RadarSync
2010-04-15 01:40 . 2010-04-15 01:40 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-04-15 01:38 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll
2010-04-15 01:37 . 2008-04-14 11:42 6144 ----a-w- c:\windows\system32\snmpmib.dll
2010-04-15 01:37 . 2008-04-14 11:41 39936 ----a-w- c:\windows\system32\hostmib.dll
2010-04-15 01:37 . 2008-04-14 11:41 33792 ----a-w- c:\windows\system32\lmmib2.dll
2010-04-15 01:37 . 2010-04-22 00:07 -------- d-----w- c:\windows\system32\Logfiles
2010-04-15 01:37 . 2010-04-15 01:40 -------- d-----w- C:\Inetpub
2010-04-15 01:17 . 2010-04-15 01:18 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\ApplicationHistory
2010-04-15 01:15 . 2010-04-15 01:15 -------- d-----w- c:\windows\system32\URTTEMP
2010-04-15 00:45 . 2010-04-15 00:48 -------- d-----w- c:\windows\system32\NtmsData
2010-04-15 00:14 . 2010-04-15 00:14 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-04-14 23:09 . 2010-04-14 23:09 -------- d--h--w- c:\windows\PIF
2010-04-14 14:41 . 2010-04-14 14:41 -------- d-----w- c:\documents and settings\Cade\Application Data\Malwarebytes
2010-04-14 14:40 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 14:40 . 2010-04-14 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 14:40 . 2010-04-14 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-14 14:40 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 14:29 . 2010-04-14 14:29 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-14 14:29 . 2010-04-14 14:29 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-14 14:29 . 2010-04-14 14:29 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-14 14:29 . 2010-04-14 14:29 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-14 14:29 . 2010-04-14 14:29 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-14 14:28 . 2010-04-14 14:28 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-14 14:28 . 2010-04-14 14:28 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-04-14 14:00 . 2010-04-14 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-14 13:36 . 2010-04-14 13:36 -------- d-----w- c:\program files\Inspyre
2010-04-14 13:10 . 2010-04-14 13:12 -------- d-----w- c:\program files\InternetPeriscope
2010-04-14 12:22 . 2010-04-19 05:19 -------- d-----w- c:\program files\NetworkActiv AUTAPF 1.0
2010-04-14 12:09 . 2010-04-14 12:09 -------- d-----w- c:\program files\Advanced Port Scanner
2010-04-14 11:29 . 2010-04-14 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2010-04-14 11:20 . 2010-04-14 14:03 -------- d-----w- c:\documents and settings\Cade\Application Data\CheckPoint
2010-04-14 11:20 . 2010-04-14 14:04 -------- d-----w- c:\program files\CheckPoint
2010-04-14 11:20 . 2010-04-14 12:11 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-14 11:01 . 2010-04-14 11:01 -------- d-----w- c:\program files\Microsoft
2010-04-14 11:01 . 2010-04-14 11:01 -------- d-----w- c:\program files\MSN Toolbar
2010-04-14 11:01 . 2010-04-14 11:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-14 11:00 . 2010-04-14 11:01 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-04-14 11:00 . 2010-04-14 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-04-14 10:48 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-14 10:48 . 2010-04-19 05:16 -------- d--h--w- c:\windows\$hf_mig$
2010-04-14 10:46 . 2010-04-14 10:46 -------- d-sh--w- c:\documents and settings\Cade\UserData
2010-04-14 10:45 . 2010-04-25 05:15 16216 ----a-w- c:\documents and settings\Cade\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 08:00 . 2006-06-16 19:11 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-14 08:00 . 2006-06-16 16:39 180224 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-14 07:59 . 2006-02-10 03:05 520192 ------w- c:\windows\system32\ati2sgag.exe
2010-04-14 07:58 . 2010-04-14 07:59 -------- d-----w- c:\program files\ATI Technologies
2010-04-14 06:46 . 2010-04-14 06:46 -------- d-----w- c:\program files\Intel
2010-04-14 06:46 . 2008-04-14 06:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-04-14 06:46 . 2008-04-14 06:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-04-14 06:46 . 2008-04-14 06:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-04-14 06:46 . 2008-04-14 06:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-04-14 06:46 . 2008-04-14 04:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-04-14 06:44 . 2010-04-14 23:10 -------- d-----w- C:\drvrtmp
2010-04-14 06:44 . 2007-12-14 18:05 35424 ----a-w- c:\windows\system32\e100bmsg.dll
2010-04-14 06:44 . 2007-11-16 16:55 165496 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2010-04-14 06:44 . 2007-11-16 16:55 165496 ----a-w- c:\windows\system32\drivers\e100b325.sys
2010-04-14 06:44 . 2004-11-16 23:52 126976 ----a-w- c:\windows\system32\Prounstl.exe
2010-04-14 06:44 . 2004-10-29 23:01 19456 ----a-w- c:\windows\system32\IntelNic.dll
2010-04-14 05:08 . 2010-04-25 06:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
2010-04-14 05:08 . 2010-04-15 01:20 -------- d-s---w- c:\windows\system32\Microsoft
2010-04-14 05:08 . 2010-04-15 03:04 -------- d-sh--w- c:\documents and settings\LocalService
2010-04-14 05:02 . 2004-08-04 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2010-04-14 05:01 . 2004-08-04 12:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2010-04-14 05:01 . 2004-08-04 12:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2010-04-14 05:01 . 2004-08-04 12:00 15872 -c--a-w- c:\windows\system32\dllcache\chgport.exe
2010-04-14 05:01 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\chgusr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 08:17 . 2010-04-14 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-14 14:28 . 2010-04-14 14:28 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-04-14 14:28 . 2010-04-14 14:28 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-14 14:28 . 2010-04-14 14:28 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-14 14:28 . 2010-04-14 14:28 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-04-14 14:28 . 2010-04-14 14:28 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-04-14 14:28 . 2010-04-14 14:28 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-14 14:28 . 2010-04-14 14:28 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-14 14:28 . 2010-04-14 14:28 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-14 14:20 . 2010-04-14 14:20 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-14 14:20 . 2010-04-14 14:20 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-14 14:20 . 2010-04-14 14:20 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-14 07:59 . 2010-04-14 06:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 07:58 . 2010-04-14 06:45 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-14 06:45 . 2010-04-14 06:45 -------- d-----w- c:\program files\SigmaTel
2010-04-14 05:54 . 2010-04-14 05:00 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-14 04:57 . 2010-04-14 04:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-15 14:29 . 2010-02-15 14:29 972072 ----a-w- c:\windows\UNNeroMediaHome.exe
2010-02-07 11:41 . 2010-02-07 11:41 352513 ----a-w- c:\windows\system32\savapi3.dll
2010-02-07 11:41 . 2010-02-07 11:41 1380403 ----a-w- c:\windows\system32\avgsdk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"Google Update"="c:\documents and settings\Cade\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-21 136176]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2009-04-08 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Cade\Start Menu\Programs\Startup\
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2010-4-18 139264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\InternetPeriscope\\InternetPeriscope.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S3 DEVNEPLHIC;DEVNEPLHIC;c:\docume~1\Cade\LOCALS~1\Temp\DEVNEPLHIC.exe --> c:\docume~1\Cade\LOCALS~1\Temp\DEVNEPLHIC.exe [?]
S3 MEJ;MEJ;c:\docume~1\Cade\LOCALS~1\Temp\MEJ.exe --> c:\docume~1\Cade\LOCALS~1\Temp\MEJ.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1563985344-725345543-1003Core.job
- c:\documents and settings\Cade\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-21 23:56]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1563985344-725345543-1003UA.job
- c:\documents and settings\Cade\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-21 23:56]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Cade\Application Data\Mozilla\Firefox\Profiles\4cbnuwlv.default\
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Cade\Application Data\Mozilla\Firefox\Profiles\4cbnuwlv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Cade\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-26 02:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-1563985344-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

- - - - - - - > 'explorer.exe'(628)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-26 02:19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-26 08:19

Pre-Run: 443,119,120,384 bytes free
Post-Run: 445,242,626,048 bytes free


Re: Win.MSSQL.worm.Helkern

Post by Kado420 on 26th April 2010, 1:03 pm

He attacked again, so I'm gonna redo this stuff for you.


Re: Win.MSSQL.worm.Helkern

Post by Kado420 on 26th April 2010, 1:43 pm

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.6.3 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:465 Go - Free:413 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
.
Scan : 07:31.23
Path : C:\Documents and Settings\Cade\Desktop\Rooter.exe
User : Cade ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (892)
______ \??\C:\WINDOWS\system32\csrss.exe (940)
______ \??\C:\WINDOWS\system32\winlogon.exe (968)
______ C:\WINDOWS\system32\services.exe (1012)
______ C:\WINDOWS\system32\lsass.exe (1024)
______ C:\WINDOWS\system32\Ati2evxx.exe (1196)
______ C:\WINDOWS\system32\svchost.exe (1212)
______ C:\WINDOWS\system32\svchost.exe (1316)
______ C:\WINDOWS\System32\svchost.exe (1444)
______ C:\WINDOWS\system32\svchost.exe (1668)
______ C:\WINDOWS\system32\svchost.exe (1784)
______ C:\WINDOWS\system32\spoolsv.exe (1900)
______ C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (412)
______ C:\WINDOWS\system32\IoctlSvc.exe (608)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (652)
______ C:\WINDOWS\System32\snmp.exe (792)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (880)
______ C:\WINDOWS\System32\alg.exe (1380)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (1404)
______ C:\WINDOWS\stsystra.exe (2484)
______ C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (2844)
______ C:\Program Files\Innovative Solutions\DriverMax\devices.exe (3628)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (3800)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (252)
______ C:\WINDOWS\explorer.exe (628)
______ C:\WINDOWS\system32\notepad.exe (3572)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (1428)
______ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (3156)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2868)
______ C:\WINDOWS\system32\wuauclt.exe (3152)
______ C:\WINDOWS\system32\rundll32.exe (2552)
Locked avp.exe (308)
Locked avp.exe (2784)
______ C:\WINDOWS\system32\wuauclt.exe (3984)
______ C:\WINDOWS\system32\msiexec.exe (2336)
______ C:\WINDOWS\system32\NOTEPAD.EXE (2168)
______ C:\WINDOWS\system32\NOTEPAD.EXE (2716)
______ C:\WINDOWS\system32\inetsrv\inetinfo.exe (3564)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3340)
______ C:\Documents and Settings\Cade\Desktop\Rooter.exe (2692)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:500096991744)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1563985344-725345543-1003Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1563985344-725345543-1003UA.job
C:\WINDOWS\Tasks\OGALogon.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WGASetup.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 07:31.37
.
C:\Rooter$\Rooter_2.txt - (26/04/2010 | 07:31.37)


LockSearch by jpshortstuff (05.11.09.1)
Log created at 07:33 on 26/04/2010 (Cade)
Scanning C:\


C:\pagefile.sys
-------------------------

-=E.O.F=-


Re: Win.MSSQL.worm.Helkern

Post by Kado420 on 26th April 2010, 1:54 pm

ComboFix 10-04-21.01 - Cade 04/26/2010 7:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1548 [GMT -6:00]
Running from: c:\documents and settings\Cade\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\_000019_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 13:24 . 2010-04-26 13:24 -------- d-----w- c:\windows\system32\KB905474
2010-04-26 13:24 . 2009-03-11 04:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-26 13:24 . 2009-03-11 04:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-04-26 13:04 . 2010-04-26 13:26 -------- d-----w- c:\windows\ie8updates
2010-04-26 13:03 . 2010-04-26 13:03 -------- d-----w- c:\program files\MSXML 4.0
2010-04-26 12:59 . 2010-03-05 18:45 456704 -c----w- c:\windows\system32\dllcache\smtpsvc.dll
2010-04-26 12:59 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-04-26 12:59 . 2009-05-21 18:46 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2010-04-26 12:58 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-26 12:58 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-26 12:58 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-26 12:58 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-26 12:58 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-26 12:55 . 2010-04-26 12:55 -------- d-----w- c:\windows\LastGood
2010-04-26 10:17 . 2010-04-26 10:17 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-25 21:38 . 2010-04-26 13:31 -------- d-----w- C:\Rooter$
2010-04-25 18:39 . 2010-04-25 18:39 -------- d-sh--w- c:\documents and settings\Cade\PrivacIE
2010-04-25 18:37 . 2010-04-25 18:37 -------- d-sh--w- c:\documents and settings\Cade\IETldCache
2010-04-25 18:33 . 2010-04-25 18:35 -------- dc-h--w- c:\windows\ie8
2010-04-25 06:14 . 2010-04-25 06:14 -------- d-----w- c:\windows\system32\en
2010-04-25 06:14 . 2010-04-25 06:14 -------- d-----w- c:\windows\system32\bits
2010-04-25 06:03 . 2010-04-25 06:15 -------- d-----w- c:\windows\ServicePackFiles
2010-04-25 05:21 . 2010-04-25 05:21 -------- d-----w- c:\documents and settings\Cade\Application Data\NeroDigital™
2010-04-25 02:42 . 2010-04-25 02:42 -------- d-----w- C:\$NtUninstallXPSEP$
2010-04-25 02:26 . 2010-04-25 02:26 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Adobe
2010-04-25 02:25 . 2010-04-25 02:25 -------- d-----w- c:\program files\MSECache
2010-04-25 02:24 . 2010-04-25 02:24 -------- d-----w- c:\program files\MSBuild
2010-04-25 02:23 . 2010-04-25 02:23 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-25 02:20 . 2010-04-25 02:20 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-25 02:20 . 2010-04-25 02:20 -------- d-----w- c:\program files\Reference Assemblies
2010-04-25 02:19 . 2009-08-15 02:49 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-25 02:19 . 2006-06-29 19:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-25 02:14 . 2010-04-25 02:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-25 01:54 . 2010-04-25 01:54 52224 ----a-w- c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 01:53 . 2010-04-25 01:53 117760 ----a-w- c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 01:51 . 2010-04-25 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-25 01:51 . 2010-04-25 01:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-25 01:51 . 2010-04-25 01:51 -------- d-----w- c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com
2010-04-25 01:50 . 2010-04-25 01:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-22 02:06 . 2010-04-22 02:06 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Ahead
2010-04-22 02:04 . 2010-04-22 02:04 -------- d-----w- c:\documents and settings\Cade\Application Data\Nero
2010-04-22 02:01 . 2010-04-22 02:02 -------- d-----w- c:\program files\Common Files\Nero
2010-04-22 02:01 . 2010-04-22 02:01 -------- d-----w- c:\program files\Nero
2010-04-22 02:01 . 2010-04-22 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-22 00:14 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-22 00:09 . 2010-04-22 00:09 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-22 00:07 . 2010-04-22 00:08 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-21 23:56 . 2010-04-21 23:56 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Temp
2010-04-21 23:56 . 2010-04-21 23:57 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Google
2010-04-21 23:56 . 2010-04-21 23:56 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Deployment
2010-04-21 23:50 . 2010-04-25 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-21 23:50 . 2010-04-21 23:50 -------- d-----w- c:\program files\NOS
2010-04-21 23:50 . 2010-03-29 14:53 32576 ----a-w- c:\documents and settings\Cade\Application Data\Mozilla\Firefox\Profiles\4cbnuwlv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-04-21 23:50 . 2010-03-29 14:53 29984 ----a-w- c:\documents and settings\Cade\Application Data\Mozilla\Firefox\Profiles\4cbnuwlv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-04-21 23:47 . 2010-04-21 23:47 0 ----a-w- c:\windows\nsreg.dat
2010-04-21 23:47 . 2010-04-21 23:47 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Mozilla
2010-04-19 05:49 . 2010-04-19 05:49 -------- d-----w- C:\Sun
2010-04-19 05:16 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-16 17:51 . 2010-04-19 03:49 -------- d-----w- C:\rei
2010-04-16 17:51 . 2010-04-16 17:51 -------- d-----w- c:\program files\Reimage
2010-04-15 20:00 . 2010-04-15 20:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-15 14:46 . 2007-08-07 06:28 28272 ----a-w- c:\windows\system32\NicCo2.dll
2010-04-15 14:46 . 2007-11-29 04:38 40056 ----a-w- c:\windows\system32\NicInst.dll
2010-04-15 13:25 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-15 04:47 . 2010-04-15 04:47 159744 ----a-w- c:\documents and settings\Cade\Application Data\UB\DownLoadInst\liveupdate.exe
2010-04-15 04:44 . 2010-04-15 05:12 -------- d-----w- c:\program files\UB
2010-04-15 04:44 . 2010-04-15 04:46 -------- d-----w- c:\documents and settings\Cade\Application Data\UB
2010-04-15 04:44 . 2010-04-15 04:44 -------- d-----w- c:\program files\_uninstallation_info
2010-04-15 03:20 . 2010-04-25 18:04 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-15 03:03 . 2010-04-15 03:03 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\Innovative Solutions
2010-04-15 03:03 . 2010-04-15 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-04-15 03:03 . 2010-04-15 03:03 -------- d-----w- c:\program files\Innovative Solutions
2010-04-15 02:41 . 2010-04-15 02:41 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\RadarSync
2010-04-15 02:41 . 2010-04-15 02:42 -------- d-----w- c:\program files\RadarSync
2010-04-15 01:40 . 2010-04-15 01:40 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-04-15 01:38 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll
2010-04-15 01:37 . 2008-04-14 11:42 6144 ----a-w- c:\windows\system32\snmpmib.dll
2010-04-15 01:37 . 2008-04-14 11:41 39936 ----a-w- c:\windows\system32\hostmib.dll
2010-04-15 01:37 . 2008-04-14 11:41 33792 ----a-w- c:\windows\system32\lmmib2.dll
2010-04-15 01:37 . 2010-04-22 00:07 -------- d-----w- c:\windows\system32\Logfiles
2010-04-15 01:37 . 2010-04-15 01:40 -------- d-----w- C:\Inetpub
2010-04-15 01:17 . 2010-04-15 01:18 -------- d-----w- c:\documents and settings\Cade\Local Settings\Application Data\ApplicationHistory
2010-04-15 01:15 . 2010-04-15 01:15 -------- d-----w- c:\windows\system32\URTTEMP
2010-04-15 00:45 . 2010-04-15 00:48 -------- d-----w- c:\windows\system32\NtmsData
2010-04-15 00:14 . 2010-04-15 00:14 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-04-14 23:09 . 2010-04-14 23:09 -------- d--h--w- c:\windows\PIF
2010-04-14 14:41 . 2010-04-14 14:41 -------- d-----w- c:\documents and settings\Cade\Application Data\Malwarebytes
2010-04-14 14:40 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 14:40 . 2010-04-14 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 14:40 . 2010-04-14 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-14 14:40 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 14:29 . 2010-04-14 14:29 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-14 14:29 . 2010-04-14 14:29 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-14 14:29 . 2010-04-14 14:29 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-14 14:29 . 2010-04-14 14:29 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-14 14:29 . 2010-04-14 14:29 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-14 14:28 . 2010-04-14 14:28 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-14 14:28 . 2010-04-14 14:28 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-04-14 14:00 . 2010-04-14 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-14 13:36 . 2010-04-14 13:36 -------- d-----w- c:\program files\Inspyre
2010-04-14 13:10 . 2010-04-14 13:12 -------- d-----w- c:\program files\InternetPeriscope
2010-04-14 12:22 . 2010-04-19 05:19 -------- d-----w- c:\program files\NetworkActiv AUTAPF 1.0
2010-04-14 12:09 . 2010-04-14 12:09 -------- d-----w- c:\program files\Advanced Port Scanner
2010-04-14 11:32 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-14 11:31 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-14 11:31 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-14 11:29 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-14 11:29 . 2010-04-14 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2010-04-14 11:29 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-14 11:28 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-14 11:28 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-14 11:28 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-14 11:27 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-14 11:27 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-14 11:27 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-14 11:27 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-14 11:20 . 2010-04-14 14:03 -------- d-----w- c:\documents and settings\Cade\Application Data\CheckPoint
2010-04-14 11:20 . 2010-04-14 14:04 -------- d-----w- c:\program files\CheckPoint
2010-04-14 11:20 . 2010-04-14 12:11 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-14 11:01 . 2010-04-14 11:01 -------- d-----w- c:\program files\Microsoft
2010-04-14 11:01 . 2010-04-14 11:01 -------- d-----w- c:\program files\MSN Toolbar
2010-04-14 11:01 . 2010-04-26 13:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-14 11:00 . 2010-04-14 11:01 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-04-14 11:00 . 2010-04-14 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-04-14 10:48 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 12:58 . 2010-04-14 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-14 14:28 . 2010-04-14 14:28 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-04-14 14:28 . 2010-04-14 14:28 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-14 14:28 . 2010-04-14 14:28 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-14 14:28 . 2010-04-14 14:28 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-04-14 14:28 . 2010-04-14 14:28 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-04-14 14:28 . 2010-04-14 14:28 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-14 14:28 . 2010-04-14 14:28 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-14 14:28 . 2010-04-14 14:28 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-14 14:20 . 2010-04-14 14:20 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-14 14:20 . 2010-04-14 14:20 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-14 14:20 . 2010-04-14 14:20 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-14 07:59 . 2010-04-14 06:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 07:58 . 2010-04-14 06:45 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-14 06:45 . 2010-04-14 06:45 -------- d-----w- c:\program files\SigmaTel
2010-04-14 05:54 . 2010-04-14 05:00 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-14 04:57 . 2010-04-14 04:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 17:54 . 2010-02-25 17:54 11070976 ------w- c:\windows\system32\SET122.tmp
2010-02-25 06:24 . 2010-04-26 12:58 916480 ----a-w- c:\windows\system32\SET117.tmp
2010-02-25 06:24 . 2010-04-26 12:58 1209344 ----a-w- c:\windows\system32\SET118.tmp
2010-02-25 06:24 . 2010-04-26 12:58 5944832 ----a-w- c:\windows\system32\SET11B.tmp
2010-02-25 06:24 . 2010-04-26 12:58 594432 ------w- c:\windows\system32\SET11D.tmp
2010-02-25 06:24 . 2010-04-26 12:58 55296 ------w- c:\windows\system32\SET11C.tmp
2010-02-25 06:24 . 2010-04-26 12:58 1985536 ------w- c:\windows\system32\SET120.tmp
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 14:29 . 2010-02-15 14:29 972072 ----a-w- c:\windows\UNNeroMediaHome.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-07 11:41 . 2010-02-07 11:41 352513 ----a-w- c:\windows\system32\savapi3.dll
2010-02-07 11:41 . 2010-02-07 11:41 1380403 ----a-w- c:\windows\system32\avgsdk.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-29 05:42 . 2009-06-29 05:42 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
- 2004-08-04 12:00 . 2008-04-14 11:42 90112 c:\windows\system32\wshext.dll
+ 2004-08-04 12:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
+ 2010-04-25 06:15 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-04 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2004-08-04 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2010-04-14 04:56 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2010-04-14 04:56 . 2008-04-14 11:42 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2004-08-04 12:00 . 2008-08-28 07:46 74752 c:\windows\system32\msw3prt.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
- 2004-08-04 12:00 . 2008-04-14 11:42 11264 c:\windows\system32\msrle32.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2010-04-14 04:56 . 2008-04-14 11:42 58880 c:\windows\system32\msdtclog.dll
+ 2010-04-14 04:56 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2004-08-04 12:00 . 2009-03-08 10:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2004-08-04 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2008-05-09 10:53 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-25 08:25 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2008-08-28 07:46 . 2008-08-28 07:46 74752 c:\windows\system32\dllcache\msw3prt.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"Google Update"="c:\documents and settings\Cade\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-21 136176]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2009-04-08 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Cade\Start Menu\Programs\Startup\
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2010-4-18 139264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\InternetPeriscope\\InternetPeriscope.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S3 DEVNEPLHIC;DEVNEPLHIC;c:\docume~1\Cade\LOCALS~1\Temp\DEVNEPLHIC.exe --> c:\docume~1\Cade\LOCALS~1\Temp\DEVNEPLHIC.exe [?]
S3 MEJ;MEJ;c:\docume~1\Cade\LOCALS~1\Temp\MEJ.exe --> c:\docume~1\Cade\LOCALS~1\Temp\MEJ.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1563985344-725345543-1003Core.job
- c:\documents and settings\Cade\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-21 23:56]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1563985344-725345543-1003UA.job
- c:\documents and settings\Cade\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-21 23:56]

2010-04-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]

2010-04-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-26 04:18]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Cade\Application Data\Mozilla\Firefox\Profiles\4cbnuwlv.default\
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Cade\Application Data\Mozilla\Firefox\Profiles\4cbnuwlv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Cade\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-26 07:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-1563985344-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Cade\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.
Completion time: 2010-04-26 07:52:01
ComboFix-quarantined-files.txt 2010-04-26 13:51
ComboFix2.txt 2010-04-26 08:19

Pre-Run: 444,008,509,440 bytes free
Post-Run: 443,970,760,704 bytes free

Kado420

Re: Win.MSSQL.worm.Helkern

Post by Dr Jay on 27th April 2010, 1:55 am

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:

    killall::

    Driver::
    DEVNEPLHIC
    MEJ

    Extra::
    c:\docume~1\Cade\LOCALS~1\Temp\DEVNEPLHIC.exe
    c:\docume~1\Cade\LOCALS~1\Temp\MEJ.exe

    FileLook::
    c:\windows\system32\eventlog.dll
    c:\windows\system32\netlogon.dll

    DirLook::
    c:\documents and settings\cade\local settings\temp

    Rootkit::

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)

