
Infected with System Protector - Unable to remove!


  • This topic is locked
5 replies to this topic

#1 joquav

Posted 06 January 2013 - 01:01 PM

Trying to repair my mom's computer - got infected somehow with Systems Protector and can't seem to get rid of it. I've tried most all of the things suggested on your site as well as several others that I usually refer to when I'm stuck on something, including running several programs such as AntiMalwareBytes, to no avail. I am still getting a 'Windows cannot connect to internet using http https or ftp' message. Attached are my text files from your dds that I ran on the infected computer. Any help would be greatly appreciated!


#2 joquav

Posted 06 January 2013 - 01:12 PM

I goofed on that last post, I attached both files rather than putting it here, so here goes again. I'm trying to fix my Mom's computer - she somehow got infected with Systems Protector, and I've been unable to remove it. I've tried a number of antimalware programs (I've tried them in Safe Mode with Networking as well) that have been suggested here and a couple of other sites that I often refer to, to no avail. Anytime I try to get online, whether it be with IExplorer or Google Chrome, I get a 'Windows cannot connect to internet using http https or ftp' message. My text file is here below, and I've attached my other file. Any help would be greatly appreciated! Thanks!





DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dan at 9:45:48 on 2003-10-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1030 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - LocalServer32 - <no file>
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files\claro ltd\claro\1.8.8.5\bh\claro.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Shop to Win: {472F6BB8-3D5A-BC24-4155-3192C7AC8CF6} -
BHO: CouponAmazing: {49376E92-5849-4344-AE83-7EF1DE077E46} - c:\documents and settings\dan\local settings\application data\couponamazing\ie\couponamazing_1356730502.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - <orphaned>
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} -
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f01858c7-2a68-4d93-9e22-502eae3917c2} - <orphaned>
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} -
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - LocalServer32 - <no file>
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - c:\program files\claro ltd\claro\1.8.8.5\claroTlbr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced System Protector_startup] "c:\program files\advanced system protector\advancedsystemprotector.exe" autolaunch
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [McAfee Update] c:\docume~1\dan\locals~1\temp\mcupdate_1065603988.exe /insfin c:\docume~1\dan\locals~1\temp\mcupdate_1065603988.ini /syncfin
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [StartNow Search Protect] "c:\program files\startnow toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Advanced System Protector_startup] "c:\program files\advanced system protector\advancedsystemprotector.exe" autolaunch
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 12.0.1278.0
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298933791765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342143006108
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6CA507C2-9882-44E2-A409-C50689825DDE} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\program files\inbox toolbar\Inbox.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R2 BrowserProtect;BrowserProtect;c:\documents and settings\all users\application data\browserprotect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2012-12-28 2469992]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2012-6-14 109064]
S1 SASKUTIL;SASKUTIL;\??\f:\saskutil.sys --> f:\SASKUTIL.SYS [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
.
=============== Created Last 30 ================
.
2013-01-04 18:56:48 -------- d-----w- C:\aebd83f776627ff3a753fc94c047bd
2013-01-04 18:54:37 -------- d-----w- C:\1aa55a1fbf6c0b43aff884
2013-01-04 18:54:04 -------- d-----w- C:\c29fbef41826d28b57e3dd
2013-01-04 18:53:18 -------- d-----w- C:\e53697944a1ff223cccc42697874
2013-01-04 18:47:55 -------- d-----w- C:\ad91d474ac69c1961f4e7391ee1b
2013-01-03 19:55:30 -------- d-----w- c:\documents and settings\all users\application data\0C45990B32C6108B00000C458CCB15FB
2012-12-28 23:48:38 -------- d-----w- c:\documents and settings\dan\local settings\application data\WMTools Downloaded Files
2012-12-28 21:41:37 -------- d-----w- c:\windows\system32\Extensions
2012-12-28 21:41:35 -------- d-----w- c:\windows\system32\searchplugins
2012-12-28 21:41:25 -------- d-----w- c:\documents and settings\all users\application data\BrowserProtect
2012-12-28 21:41:10 -------- d-----w- c:\program files\Claro LTD
2012-12-28 21:40:24 -------- d-----w- c:\documents and settings\dan\application data\Claro LTD
2012-12-28 21:39:54 -------- d-----w- c:\documents and settings\dan\local settings\application data\couponamazing
2012-12-22 17:24:22 -------- d-----w- c:\documents and settings\dan\application data\FreePriceAlerts
2012-12-22 17:22:02 -------- d-----w- c:\program files\RealNetworks
2012-12-22 17:21:57 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
2012-12-22 17:21:33 -------- d-----w- c:\program files\common files\xing shared
2012-12-22 17:17:30 -------- d-----w- c:\program files\FreePriceAlerts
2012-12-22 17:17:29 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-12-20 13:58:07 -------- d-----w- c:\documents and settings\dan\local settings\application data\Secunia PSI
2012-12-20 13:57:48 -------- d-----w- c:\program files\Secunia
2012-11-02 02:02:42 375296 -c----w- c:\windows\system32\dllcache\dpnet.dll
2012-10-02 18:04:21 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2012-09-04 16:41:52 -------- d-----w- c:\documents and settings\dan\local settings\application data\StartNow
2012-08-31 05:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-23 02:09:06 -------- d-----w- c:\program files\MumboJumbo
2012-08-23 01:43:42 -------- d-----w- c:\program files\Scholastic
2012-08-16 22:12:06 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-08-11 17:39:57 -------- d-----w- C:\e
2012-08-11 17:39:56 -------- d-----w- C:\Data
2012-07-28 21:44:07 -------- d-----w- c:\program files\World of Warcraft
2012-07-06 13:58:51 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-07-03 04:44:49 -------- d-----w- c:\documents and settings\dan\local settings\application data\APN
2012-07-03 04:44:24 -------- d-----w- c:\documents and settings\dan\local settings\application data\WeatherBug
2012-07-03 04:44:18 -------- d-----w- c:\documents and settings\dan\application data\WeatherBug
2012-07-03 04:43:20 -------- d-----w- c:\program files\AWS
2012-07-02 16:59:24 -------- d-----w- c:\program files\VS Revo Group
2012-07-02 16:24:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-01 03:56:23 -------- d-----w- c:\documents and settings\all users\application data\Systweak
2012-07-01 03:56:22 -------- d-----w- c:\program files\Advanced System Protector
2012-07-01 03:55:29 -------- d-----w- c:\documents and settings\dan\application data\Systweak
2012-07-01 03:55:26 17320 ----a-w- c:\windows\system32\roboot.exe
2012-07-01 03:55:22 -------- d-----w- c:\program files\RegClean Pro
2012-07-01 03:47:41 -------- d-----w- c:\documents and settings\dan\local settings\application data\Threat Expert
2012-07-01 03:35:30 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-01 03:35:30 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-07-01 03:35:29 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-01 03:35:29 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-01 03:35:29 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-01 03:08:10 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-01 03:08:10 -------- d-----w- c:\program files\common files\PC Tools
2012-07-01 03:08:09 -------- d-----w- c:\program files\PC Tools
2012-07-01 03:07:03 -------- d-----w- c:\documents and settings\dan\application data\TestApp
2012-07-01 03:07:03 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-07-01 01:59:44 -------- d-----w- c:\documents and settings\dan\local settings\application data\visi_coupon
2012-07-01 01:55:06 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-07-01 01:46:34 -------- d-----w- c:\documents and settings\all users\application data\PC Optimizer Pro
2012-07-01 01:36:25 -------- d-----w- c:\program files\PC Optimizer Pro
2012-07-01 01:36:01 -------- d-----w- c:\program files\Freeze.com
2012-07-01 01:35:45 -------- d-----w- c:\documents and settings\dan\local settings\application data\SavingsApp
2012-07-01 01:35:10 -------- d-----w- c:\program files\Yahoo!
2012-07-01 01:22:10 -------- d-----w- c:\windows\pss
2012-06-30 18:22:06 306688 ----a-w- c:\windows\IsUninst.exe
2012-06-22 14:01:09 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-06-13 16:33:32 -------- d-----w- c:\documents and settings\dan\application data\RealNetworks
2012-06-12 23:02:51 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-31 16:41:22 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2012-05-16 04:04:02 -------- d-----w- c:\documents and settings\dan\application data\GameMill Entertainment
2012-05-09 17:38:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 04:27:05 -------- d-----w- c:\documents and settings\dan\local settings\application data\Real
2012-05-04 04:24:25 -------- d-----w- c:\program files\The Weather Channel FW
2012-05-04 04:23:43 -------- d-----w- c:\documents and settings\dan\local settings\application data\The Weather Channel
2012-04-17 02:52:02 -------- d-----w- c:\documents and settings\dan\application data\Happy Artist Studio
2012-04-17 02:52:02 -------- d-----w- c:\documents and settings\all users\application data\Happy Artist Studio
2012-04-11 01:42:10 -------- d-----w- c:\documents and settings\all users\application data\BigFishv1005
2012-04-04 22:10:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 03:24:13 -------- d-----w- c:\documents and settings\dan\application data\Big Fish Games
2012-03-12 03:09:10 -------- d-----w- c:\documents and settings\dan\application data\Awem
2012-03-10 04:11:08 -------- d-----w- c:\program files\Robinson Crusoe and the Cursed Pirates
2012-03-07 04:42:03 -------- d-----w- c:\documents and settings\dan\application data\AtlanticJourney
2012-02-29 14:10:16 148480 -c----w- c:\windows\system32\dllcache\imagehlp.dll
2012-02-28 23:44:57 -------- d-----w- C:\Temp
2012-02-19 19:42:18 -------- d-----w- c:\program files\Windows Media Connect 2
2012-02-16 01:06:05 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 01:06:05 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-30 04:11:26 -------- d-----w- c:\documents and settings\dan\application data\MumboJumbo
2012-01-13 03:50:36 -------- d-----w- C:\84ab4b05797b5b8d6492343d24
2012-01-08 03:05:18 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2012-01-08 03:04:58 -------- d-----w- c:\program files\iWin.com Games
2012-01-08 02:42:04 -------- d-----w- c:\documents and settings\all users\application data\Intenium
2012-01-08 02:34:50 -------- d-----w- c:\program files\Lost Lagoon 2 - Cursed & Forgotten
2011-12-21 03:59:23 -------- d-----w- c:\documents and settings\dan\application data\casualArts
2011-12-21 03:59:23 -------- d-----w- c:\documents and settings\all users\application data\casualArts
2011-12-10 05:20:12 -------- d-----w- c:\program files\Al Emmo's Postcards from Anozira
2011-11-24 05:01:38 -------- d-----w- c:\documents and settings\dan\application data\Enki Games
2011-11-18 12:35:08 60416 -c----w- c:\windows\system32\dllcache\packager.exe
2011-11-03 15:28:36 386048 -c----w- c:\windows\system32\dllcache\qdvd.dll
2011-10-26 13:04:16 -------- d-----w- c:\documents and settings\all users\application data\Ask
2011-10-25 22:07:10 -------- d-sh--w- c:\documents and settings\dan\IECompatCache
2011-10-14 14:47:29 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll
2011-10-14 14:47:29 176128 -c----w- c:\windows\system32\dllcache\winmm.dll
2011-10-10 14:43:50 -------- d-----r- c:\program files\Skype
2011-09-12 13:14:02 18944 ----a-r- c:\documents and settings\dan\application data\microsoft\installer\{297dcada-86a1-4a42-8a13-66b7d7a09fd2}\IconBB6A16301.exe
2011-09-03 10:17:37 601088 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-24 19:45:46 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-24 18:59:53 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-24 18:57:44 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-24 18:49:53 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-18 02:55:14 -------- d-----w- c:\documents and settings\dan\application data\Floodlight Games
2011-08-18 02:55:14 -------- d-----w- c:\documents and settings\all users\application data\Floodlight Games
2011-08-14 20:27:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-13 05:44:44 -------- d-----w- c:\documents and settings\dan\application data\TMInc
2011-08-13 04:19:41 -------- d-----w- c:\documents and settings\dan\application data\AzuazGames
2011-08-08 20:43:26 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2011-08-08 20:42:53 -------- d-----w- c:\documents and settings\dan\local settings\application data\Citrix
2011-08-08 20:42:53 -------- d-----w- c:\documents and settings\dan\application data\ICAClient
2011-08-08 20:42:25 -------- d-----w- c:\program files\Citrix
2011-07-15 03:31:46 -------- d-----w- c:\documents and settings\dan\application data\iMaxGen
2011-07-15 03:29:33 -------- d-----w- c:\program files\Jane Angel - Templar Mystery
2011-07-15 02:10:09 -------- d-----w- c:\documents and settings\dan\local settings\application data\JollyBear
2011-07-15 02:10:09 -------- d-----w- c:\documents and settings\all users\application data\JollyBear
2011-07-13 06:16:52 -------- d-----w- c:\documents and settings\dan\application data\Flood Light Games
2011-07-13 06:16:52 -------- d-----w- c:\documents and settings\all users\application data\Flood Light Games
2011-07-11 03:58:55 -------- d-----w- c:\documents and settings\all users\application data\TheRace_dev
2011-07-02 04:19:33 -------- d-----w- c:\documents and settings\dan\application data\Orneon
2011-06-28 04:27:33 -------- d-----w- c:\documents and settings\dan\application data\Vast Studios
2011-06-28 04:26:16 -------- d-----w- c:\program files\Lost Chronicles - Salem
2011-06-27 04:13:50 -------- d-----w- c:\documents and settings\dan\application data\Dragon Altar Games
2011-06-25 04:33:08 -------- d-----w- c:\documents and settings\dan\application data\GTM_Bodie
2011-06-25 03:00:41 -------- d-----w- c:\documents and settings\dan\application data\My Games
2011-06-24 04:43:49 -------- d-----w- c:\documents and settings\all users\application data\Becky Brogan 2
2011-06-23 18:32:12 -------- d-----w- c:\documents and settings\dan\application data\PDFlite
2011-06-23 18:31:21 45056 ----a-w- c:\windows\system32\unredmon.exe
2011-06-23 18:31:04 -------- d-----w- c:\program files\PDFlite
2011-06-20 04:12:09 -------- d-----w- c:\program files\Runic Games
2011-06-16 06:52:34 -------- d-----w- c:\documents and settings\dan\application data\Meridian93
2011-06-16 06:42:49 -------- d-----w- c:\documents and settings\dan\application data\Virtual Prophecy
2011-06-15 05:37:34 -------- d-----w- c:\documents and settings\dan\application data\Elephant Games
2011-06-14 03:51:26 -------- d-----w- c:\documents and settings\all users\application data\SpinTop Games
2011-06-11 09:58:52 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-06-11 09:58:52 138056 ----a-w- c:\windows\system32\atl100.dll
2011-06-09 05:23:34 -------- d-----w- c:\documents and settings\all users\application data\Gold Casual Games
2011-06-09 05:23:33 -------- d-----w- c:\documents and settings\dan\application data\Gold Casual Games
2011-06-08 05:49:22 -------- d-----w- c:\documents and settings\dan\application data\Twintale Entertainment
2011-06-02 05:32:45 -------- d-----w- c:\documents and settings\dan\application data\Dekovir
2011-06-01 16:42:04 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-01 16:41:25 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-01 16:40:47 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-01 16:40:47 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-01 16:40:47 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-01 16:40:47 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-01 16:40:46 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-01 16:40:46 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-01 16:40:46 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-01 16:40:46 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-01 16:40:45 -------- d-----w- C:\f1256b8945a102c706c1
2011-06-01 16:26:44 -------- d--h--r- C:\AHCache
2011-05-26 22:54:47 -------- d-----w- c:\program files\Inbox Toolbar
2011-05-19 05:09:03 -------- d-----w- c:\documents and settings\dan\local settings\application data\Game Mill Files
2011-05-15 00:35:07 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-05-15 00:35:07 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-05-15 00:18:35 -------- d-----w- c:\program files\Ventrilo
2011-05-15 00:17:36 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-05-14 04:11:54 641536 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
2011-05-07 19:54:04 -------- d-----w- c:\windows\.jagex_cache_32
2011-05-07 04:30:33 -------- d-----w- c:\documents and settings\dan\local settings\application data\Gamenauts
2011-05-05 22:47:20 -------- d-----w- c:\documents and settings\dan\application data\A Gypsy's Tale - The Tower of Secrets
2011-05-05 21:59:06 -------- d-----w- c:\documents and settings\dan\local settings\application data\Color-Brush
2011-05-02 05:45:06 -------- d-----w- c:\documents and settings\dan\application data\HdO Adventure
2011-04-30 06:23:55 -------- d-----w- c:\documents and settings\dan\local settings\application data\Menge
2011-04-30 05:16:43 -------- d-----w- c:\documents and settings\all users\application data\SpecialBit
2011-04-28 12:23:00 -------- d-----w- c:\documents and settings\dan\local settings\application data\Temp
2011-04-27 06:24:27 -------- d-----w- c:\documents and settings\all users\application data\Nevosoft
2011-04-27 06:01:52 -------- d-----w- c:\program files\Cruise Clues - Caribbean Adventure
2011-04-21 06:16:08 -------- d-----w- c:\documents and settings\dan\application data\she_is_a_shadow
2011-04-21 04:44:44 -------- d-----w- c:\documents and settings\dan\application data\BigFishv1000
2011-04-20 05:34:13 -------- d-----w- c:\documents and settings\dan\application data\SpinTop Games
2011-04-19 05:59:13 -------- d-----w- c:\documents and settings\dan\application data\SunRay Games
2011-04-15 05:51:18 -------- d-----w- c:\documents and settings\dan\application data\BigFishv1002
2011-04-15 02:12:06 -------- d-----w- c:\documents and settings\dan\application data\Magic Academy
2011-04-10 00:57:40 -------- d-----w- c:\documents and settings\dan\local settings\application data\Identities
2011-04-09 03:19:50 -------- d-----w- c:\documents and settings\all users\application data\Particles
2011-04-09 03:19:20 -------- d-----w- c:\documents and settings\all users\application data\Far Mills
2011-04-07 05:09:27 -------- d-----w- c:\program files\Hide and Secret 2 - Cliffhanger Castle
2011-04-06 06:07:18 -------- d-----w- c:\documents and settings\dan\application data\HitPoint Studios
2011-04-04 04:11:56 -------- d-----w- c:\documents and settings\dan\Saved Games
2011-04-04 04:11:01 -------- d-----w- c:\documents and settings\dan\application data\iWin
2011-04-04 03:06:59 -------- d-----w- c:\documents and settings\dan\application data\MagicIndie
2011-03-31 05:37:13 -------- d-----w- c:\documents and settings\dan\application data\md studio
2011-03-30 01:18:07 -------- d-----w- c:\program files\common files\Software Update Utility
2011-03-30 00:41:39 -------- d-----w- c:\documents and settings\dan\application data\VirtualStore
2011-03-27 18:00:07 -------- d-----w- c:\documents and settings\dan\local settings\application data\Apple Computer
2011-03-25 21:22:00 -------- d-----w- c:\documents and settings\dan\local settings\application data\Apple
2011-03-24 06:20:18 -------- d-----w- c:\documents and settings\all users\application data\Kristanix Games
2011-03-23 03:56:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-23 03:56:17 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-23 03:54:47 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-23 03:51:37 -------- d-----w- c:\program files\Bonjour
2011-03-23 03:44:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-03-23 03:44:25 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-03-15 05:26:36 -------- d-----w- c:\documents and settings\dan\application data\Alawar
2011-03-15 03:55:48 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-03-15 03:55:48 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-03-15 03:55:48 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-03-15 03:55:48 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-03-15 03:55:48 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-03-15 03:55:48 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-03-15 03:55:48 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-03-15 03:55:48 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-03-15 03:55:48 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-03-15 03:55:48 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-03-15 03:55:44 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-03-15 03:55:44 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-03-13 23:17:50 -------- d-----w- c:\documents and settings\dan\local settings\application data\Google
2011-03-13 20:26:43 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-03-13 20:18:43 -------- d-----w- c:\program files\System Defender
2011-03-13 03:50:40 -------- d-----w- c:\documents and settings\dan\local settings\application data\LogiShrd
2011-03-13 03:49:26 2687512 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2011-03-13 03:49:19 34068 ----a-w- c:\windows\system32\Repository.reg
2011-03-13 03:49:19 13976 ----a-w- c:\windows\system32\drivers\lv302af.sys
2011-03-13 03:49:18 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-03-12 18:34:49 116224 ----a-w- c:\windows\system32\redmonnt.dll
2011-03-12 18:34:14 -------- d-----w- c:\program files\FoxTabPDFConverter
2011-03-11 06:00:00 -------- d-----w- c:\documents and settings\dan\application data\IBAGroup
2011-03-10 14:53:45 -------- d-----w- c:\documents and settings\all users\application data\Nexon
2011-03-10 05:59:01 -------- d-----w- c:\documents and settings\all users\application data\NexonUS
2011-03-10 03:02:43 -------- d-----w- c:\documents and settings\all users\application data\PMB Files
2011-03-10 03:01:48 -------- d-----w- c:\program files\Pando Networks
2011-03-05 19:15:24 275696 ----a-w- c:\windows\system32\mucltui.dll
2011-03-05 19:15:24 222448 ----a-w- c:\windows\system32\muweb.dll
2011-03-05 19:15:24 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-03-03 06:48:42 -------- d-----w- c:\windows\Logs
2011-03-03 06:32:19 -------- d-sh--w- c:\windows\ftpcache
2011-03-02 15:36:30 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-03-02 15:36:30 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-02 15:35:59 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-03-02 15:34:13 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-02 15:25:52 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-02 07:17:15 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2011-03-02 07:17:12 -------- d-----w- c:\program files\bfgclient
2011-03-02 07:11:58 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2011-03-02 02:34:16 -------- d-----w- c:\windows\system32\LogFiles
2011-03-02 00:07:14 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2011-03-02 00:06:12 -------- d-----w- c:\documents and settings\all users\application data\Blizzard Entertainment
2011-03-01 22:54:33 -------- d-----w- c:\documents and settings\dan\local settings\application data\IsolatedStorage
2011-03-01 22:54:32 -------- d-----w- c:\documents and settings\dan\local settings\application data\HP
2011-03-01 22:53:43 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-03-01 22:53:43 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-03-01 22:11:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2011-03-01 22:11:23 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2011-03-01 22:11:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2011-03-01 22:11:23 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2011-03-01 22:11:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2011-03-01 22:11:23 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2011-03-01 22:11:22 -------- d-----w- C:\Drivers
2011-03-01 21:13:32 -------- d-----w- c:\windows\system32\scripting
2011-03-01 21:13:30 -------- d-----w- c:\windows\system32\en
2011-03-01 21:13:30 -------- d-----w- c:\windows\l2schemas
2011-03-01 21:09:12 -------- d-----w- c:\windows\network diagnostic
2011-03-01 20:45:05 -------- d-sh--w- c:\documents and settings\dan\PrivacIE
2011-03-01 20:43:20 -------- d-sh--w- c:\documents and settings\dan\IETldCache
2011-03-01 20:37:00 -------- d-----w- c:\program files\MSXML 4.0
2011-03-01 20:35:36 -------- d-----w- c:\windows\ie8updates
2011-03-01 20:35:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-01 20:35:21 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-03-01 20:35:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-03-01 20:35:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-01 20:35:21 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-03-01 20:35:21 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-03-01 20:35:21 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-03-01 20:34:22 -------- dc-h--w- c:\windows\ie8
2011-03-01 20:15:46 -------- d-----w- c:\documents and settings\dan\local settings\application data\ApplicationHistory
2011-03-01 20:07:45 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-03-01 20:04:10 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-03-01 20:04:02 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-03-01 20:03:32 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-03-01 20:00:32 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-03-01 19:59:08 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-03-01 19:59:08 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-03-01 19:59:01 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-03-01 19:59:01 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-03-01 19:59:00 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-03-01 19:59:00 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-03-01 19:59:00 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-03-01 19:59:00 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-03-01 19:58:59 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-03-01 19:58:59 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-03-01 19:58:58 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-03-01 19:58:57 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-03-01 19:58:55 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-03-01 19:58:54 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-03-01 19:58:25 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-03-01 19:58:14 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-03-01 19:57:31 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-03-01 19:57:21 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-03-01 19:53:35 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-03-01 19:47:12 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2011-03-01 19:45:27 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-03-01 19:43:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-03-01 19:43:56 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-03-01 19:28:03 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-03-01 19:26:59 -------- d-----w- c:\windows\peernet
2011-03-01 19:26:58 -------- d-----w- c:\windows\provisioning
2011-03-01 19:25:34 -------- d-----w- c:\windows\ServicePackFiles
2011-03-01 19:21:38 -------- d-----w- c:\windows\EHome
2011-03-01 17:21:09 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-01 17:21:04 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-01 17:08:44 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-03-01 17:08:44 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2011-03-01 17:08:37 -------- d-----w- c:\program files\CONEXANT
2011-03-01 17:06:32 4272 ----a-r- c:\windows\system32\drivers\bvrp_pci.sys
2011-03-01 16:39:07 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2011-03-01 16:39:07 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2011-03-01 16:39:06 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2011-03-01 16:39:06 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2011-03-01 16:38:45 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-03-01 16:34:55 -------- d-----w- c:\program files\common files\HP
2011-03-01 16:34:09 35840 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2011-03-01 16:32:59 83456 ----a-w- c:\windows\system32\dpvsetup.exe
2011-03-01 16:31:45 -------- d-----w- c:\windows\system32\URTTemp
2011-03-01 16:25:59 -------- d-----w- c:\program files\HP
2011-03-01 15:18:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-03-01 15:18:03 -------- d-----w- c:\windows\ShellNew
2011-03-01 00:56:38 -------- d-----w- c:\program files\SiteAdvisor
2011-03-01 00:55:46 -------- d-----w- c:\program files\common files\Mcafee
2011-03-01 00:55:36 -------- d-----w- c:\program files\McAfee
2011-03-01 00:43:07 1082368 ----a-w- c:\windows\system32\esent.dll
2011-03-01 00:33:32 294912 ----a-w- c:\windows\system32\msh263.drv
2011-03-01 00:33:31 8704 -c--a-w- c:\windows\system32\dllcache\tsbyuv.dll
2011-03-01 00:33:31 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2011-03-01 00:33:31 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-03-01 00:33:31 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-03-01 00:33:30 48128 -c--a-w- c:\windows\system32\dllcache\iyuv_32.dll
2011-03-01 00:33:30 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2011-03-01 00:31:51 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-03-01 00:31:51 -------- d-----w- c:\windows\system32\PreInstall
2011-03-01 00:31:50 -------- d--h--w- c:\windows\$hf_mig$
2011-03-01 00:31:28 -------- d-----w- c:\windows\system32\bits
2011-03-01 00:30:50 8192 ------w- c:\windows\system32\bitsprx2.dll
2011-03-01 00:30:50 7168 ------w- c:\windows\system32\bitsprx3.dll
2011-03-01 00:30:50 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-03-01 00:30:50 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2011-02-28 22:56:29 -------- d-sh--w- c:\documents and settings\dan\UserData
2011-02-28 22:28:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-28 22:15:39 6752 ------w- c:\windows\system32\PFMODNT.SYS
2011-02-28 22:15:39 -------- d-----w- c:\program files\Creative
2011-02-28 22:06:37 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-02-28 22:06:37 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-02-28 22:06:36 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-02-28 22:06:36 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2011-02-28 22:06:36 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-02-28 22:06:35 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-02-28 22:06:34 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-02-28 22:06:33 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-02-28 22:03:34 24064 ----a-w- c:\windows\system32\IntelNic.dll
2011-02-28 22:03:34 145408 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2011-02-28 22:03:34 145408 ----a-w- c:\windows\system32\drivers\e100b325.sys
2011-02-28 22:03:34 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2011-02-28 22:03:34 118784 ----a-w- c:\windows\system32\Prounstl.exe
2011-02-28 22:03:34 -------- d-----w- C:\drvrtmp
.
==================== Find3M ====================
.
2012-12-22 17:20:49 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-22 17:20:49 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 23:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-01 16:50:06 601088 ----a-w- c:\windows\system32\crypt32.dll
2012-05-14 09:22:41 345600 ----a-w- c:\windows\system32\localspl.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-14 14:47:29 23040 ----a-w- c:\windows\system32\mciseq.dll
2011-10-14 14:47:29 176128 ----a-w- c:\windows\system32\winmm.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-28 21:47:03 0 ----a-w- c:\documents and settings\dan\~DF851.tmp
2011-02-17 13:18:03 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:32:15 551936 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-02 15:17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-07 19:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 19:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 19:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 19:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:17:24 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-04-16 15:36:56 406016 ----a-w- c:\windows\system32\usp10.dll
2010-04-16 15:20:18 81920 ------w- c:\windows\system32\ieencode.dll
2010-03-31 07:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 07:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-30 20:24:40 317440 ------w- c:\windows\system32\mp4sdecd.dll
2010-03-30 08:52:26 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-05 14:37:40 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:01:25 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51:04 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-11-07 08:07:08 49488 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-07 08:06:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-11-06 06:17:22 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-14 21:41:08 322392 ----a-w- c:\windows\system32\wiaaut.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
.
============= FINISH: 9:46:53.46 ===============




#3 nasdaq

  • Malware Response Team

Posted 07 January 2013 - 11:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#4 joquav

  • Topic Starter

Posted 07 January 2013 - 04:54 PM

Awesome - it appears everything is back in working order! Thanks a million! The only question that I still have is that, since repairing, almost every website I open gives me a security certificate error message. Any idea why that would be happening? At any rate - thanks very much for your help - I'd been working on this thing for two days! Your assistance is greatly appreciated! Here are the three logs you asked me to post upon completion:


ComboFix 13-01-06.01 - Dan 10/10/2003 12:35:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1097 [GMT -7:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\Administrator\~DF851.tmp
c:\documents and settings\All Users\Application Data\lsajijkgsYOQ7fxB8+4stgLLYjlL_.mkv
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dan\~DF851.tmp
c:\documents and settings\Dan\My Documents\~WRL0004.tmp
c:\documents and settings\Dan\My Documents\~WRL0109.tmp
c:\documents and settings\Dan\My Documents\~WRL2615.tmp
c:\documents and settings\Dan\My Documents\~WRL3456.tmp
c:\documents and settings\Dan\My Documents\~WRL3879.tmp
c:\documents and settings\Dan\My Documents\~WRL4037.tmp
c:\documents and settings\Dan\My Documents\~WRL4080.tmp
c:\documents and settings\Default User\~DF851.tmp
c:\program files\HP\Digital Imaging\bbfe\director\loc\dir-strings.txt
c:\program files\StartNow Toolbar
c:\windows\system\winspool.drv
c:\windows\system32\config\systemprofile\~DF851.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
----- File Replicators -----
.
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\1001-nights-the-adventures-of-sindbad_s1_l1_gF5394T1L1_d1298082289[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\3-days-zoo-mystery_s1_l1_gF5001T1L1_d1276032514[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\3-days-zoo-mystery_s1_l1_gF5001T1L1_d1276033476[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\a-gypsys-tale-the-tower-of-secrets_s1_l1_gF5836T1L1_d1304543092[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\amazing-adventures-the-forgotten-dynasty_s1_l1_gF6206T1L1_d1286462350[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\amazing-adventures-the-forgotten-dynasty_s1_l1_gF6206T1L1_d1286462627[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\behind-the-reflection_s1_l1_gF6146T1L1_d1244730656[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\blood-and-ruby_s1_l1_gF6630T1L1_d1270425962[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\cate-west-the-velvet-keys_s1_l1_gF2983T1L1_d1305852358[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\cave-quest_s1_l1_gF6626T1L1_d1263357094[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\cruise-clues-caribbean-adventure_s1_l1_gF5644T1L1_d1294745395[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\cruise-clues-caribbean-adventure_s1_l1_gF5644T1L1_d1294754194[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\escape-from-lost-island_s1_l1_gF5415T1L1_d1294758950[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\escape-whisper-valley_s1_l1_gF5822T1L1_d1287583110[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\girl-in-the-city_s1_l1_gF6114T1L1_d1300474825[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\haunted-hotel-2-believe-the-lies_s1_l1_gF2832T1L1_d1298044481[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\hidden-relics_s1_l1_gF2212T1L1_d1276037152[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\hidden-relics_s1_l1_gF2212T1L1_d1303754101[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\hide-secret-cliffhanger-castle_s1_l1_gF2463T1L1_d1271493845[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\hideandsecret_s1_l1_gF1483T1L1_d1230751189[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\interpol-the-trail-of-dr-chaos_s1_l1_gF2103T1L1_d1269278790[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\jewel-quest-mysteries-curse-emerald-tear_s1_l1_gF5335T1L1_d1310354710[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\jewelquest2_s1_l1_gF1444T1L1_d1268127107[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\jewelry-secret_s1_l1_gF6009T1L1_d1304504905[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\loves-power-mahjong_s1_l1_gF5730T1L1_d1278295531[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\magicacademy_s1_l1_gF1485T1L1_d1280385154[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\magicacademy_s1_l1_gF1485T1L1_d1280390649[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\magicacademy_s1_l1_gF1485T1L1_d1280391272[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystery-pi-stolen-in-san-francisco_s1_l1_gF5969T1L1_d1280432653[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystery-pi-stolen-in-san-francisco_s1_l1_gF5969T1L1_d1280497305[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystery-pi-stolen-in-san-francisco_s1_l1_gF5969T1L1_d1280498401[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystery-pi-the-london-caper_s1_l1_gF5632T1L1_d1313535547[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystery-pi-the-london-caper_s1_l1_gF5632T1L1_d1313538091[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystery-pi-the-lottery-ticket_s1_l1_gF2102T1L1_d1313547933[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystic-diary-haunted-island_s1_l1_gF5925T1L1_d1285384484[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystic-diary-haunted-island_s1_l1_gF5925T1L1_d1285385095[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\mystic-diary-lost-brother_s1_l1_gF5064T1L1_d1304539479[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\pirate-mysteries_s1_l1_gF6174T1L1_d1255093897[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\privateeyegreatestu_s1_l1_gF1566T1L1_d1262190981[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\privateeyegreatestu_s1_l1_gF1566T1L1_d1304533466[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\privateeyegreatestu_s1_l1_gF1566T1L1_d1304537218[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\reading-the-dead_s1_l1_gF6043T1L1_d1229656772[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\reading-the-dead_s1_l1_gF6043T1L1_d1230748546[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\romance-of-rome_s1_l1_gF5238T1L1_d1278294433[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\romance-of-rome_s1_l1_gF5238T1L1_d1278297294[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\romancing-the-seven-wonders-great-pyramid_s1_l1_gF5827T1L1_d1241964583[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\she-is-a-shadow_s1_l1_gF5133T1L1_d1287623227[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\soul-journey_s1_l1_gF6136T1L1_d1239982435[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-fool_s1_l1_gF6654T1L1_d1268087502[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-fool_s1_l1_gF6654T1L1_d1300485718[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-white-house_s1_l1_gF5401T1L1_d1288733510[1].exe
c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\treasure-hunters_s1_l1_gF6112T1L1_d1273556211[1].exe
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2003-09-10 to 2003-10-10 )))))))))))))))))))))))))))))))
.
.
2013-01-04 18:56 . 2003-10-09 21:15 -------- d-----w- C:\aebd83f776627ff3a753fc94c047bd
2013-01-04 18:54 . 2003-10-09 21:15 -------- d-----w- C:\c29fbef41826d28b57e3dd
2012-08-11 17:39 . 2012-08-11 17:40 -------- d-----w- C:\e
2012-02-28 23:44 . 2012-05-04 04:20 -------- d-----w- C:\Temp
2012-01-13 03:50 . 2012-01-13 03:57 -------- d-----w- C:\84ab4b05797b5b8d6492343d24
2011-06-01 16:40 . 2011-06-01 16:41 -------- d-----w- C:\f1256b8945a102c706c1
2011-06-01 16:26 . 2011-06-01 16:26 -------- d-----r- C:\AHCache
2011-03-01 22:11 . 2011-03-01 22:11 -------- d-----w- C:\Drivers
2011-02-28 22:03 . 2011-02-28 22:03 -------- d-----w- C:\drvrtmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-22 17:20 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-22 17:20 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 12:23 . 2003-07-16 20:24 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2003-07-16 20:51 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2003-07-16 20:24 290560 ----a-w- c:\windows\system32\atmfd(4).dll
2012-11-01 12:17 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-10-02 18:04 . 2003-07-16 20:47 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-24 13:53 . 2003-07-16 20:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2003-07-16 20:39 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-06 13:58 . 2003-07-16 20:24 78336 ----a-w- c:\windows\system32\browser.dll
2012-06-14 18:03 . 2012-07-01 03:35 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 18:03 . 2012-07-01 03:35 131 ----a-w- c:\windows\IDB.zip
2012-06-04 04:32 . 2003-07-16 20:43 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2003-07-16 20:25 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-01 16:50 . 2003-03-21 00:18 601088 ----a-w- c:\windows\system32\crypt32.dll
2012-05-14 09:22 . 2003-07-16 20:32 345600 ----a-w- c:\windows\system32\localspl.dll
2012-02-29 14:10 . 2003-07-16 20:30 148480 ----a-w- c:\windows\system32\imagehlp.dll
2011-11-25 21:57 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-18 12:35 . 2003-07-16 20:40 60416 ----a-w- c:\windows\system32\packager.exe
2011-10-28 05:31 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-18 11:13 . 2003-07-16 20:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-14 14:47 . 2003-07-16 20:51 176128 ----a-w- c:\windows\system32\winmm.dll
2011-10-14 14:47 . 2003-07-16 20:32 23040 ----a-w- c:\windows\system32\mciseq.dll
2011-09-26 18:41 . 2003-07-16 20:40 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2003-07-16 20:40 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-17 13:49 . 2003-07-16 20:23 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29 . 2003-07-16 20:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2003-07-16 20:37 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-21 13:37 . 2003-07-16 20:37 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-03-04 06:37 . 2003-07-16 20:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 13:18 . 2003-07-16 20:46 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-09 13:53 . 2003-07-16 20:43 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33 . 2003-07-16 20:33 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2003-07-16 20:33 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-01-21 14:44 . 2003-07-16 20:44 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-12-20 17:32 . 2003-07-16 20:40 551936 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:26 . 2003-07-16 20:32 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2003-07-16 20:39 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-11-09 14:52 . 2003-07-16 20:40 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-02 15:17 . 2003-07-16 20:37 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-09-18 06:53 . 2003-07-16 20:33 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2003-07-16 20:33 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:02 . 2003-07-16 20:47 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2003-07-16 20:46 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12 . 2003-07-16 20:25 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-06-17 14:03 . 2003-07-16 20:29 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:17 . 2003-07-16 20:31 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31 . 2011-02-28 21:45 744448 ----a-w- c:\windows\pchealth\HelpCtr\Binaries\helpsvc.exe
2010-04-16 15:36 . 2003-07-16 20:49 406016 ----a-w- c:\windows\system32\usp10.dll
2010-03-30 08:52 . 2003-07-16 20:34 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-05 14:37 . 2003-07-16 20:24 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-11 12:02 . 2003-07-16 20:47 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 14:43 . 2003-07-16 20:31 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:01 . 2003-07-16 20:25 86016 ----a-w- c:\windows\system32\cabview.dll
2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2003-07-16 20:36 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2003-07-16 20:24 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-21 15:51 . 2003-07-16 20:23 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-15 16:28 . 2003-07-16 20:28 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-12 13:38 . 2003-07-16 20:42 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2003-07-16 20:42 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18 . 2003-07-16 20:36 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-07-16 20:35 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 14:46 . 2003-07-16 20:35 282654 ----a-w- c:\windows\system32\msaud32.acm
2009-08-26 08:00 . 2003-07-16 20:46 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-07-17 19:01 . 2003-07-16 20:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2003-07-16 20:42 1435648 ----a-w- c:\windows\system32\query.dll
2009-06-25 08:25 . 2003-07-16 20:50 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-07-16 20:44 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-24 11:18 . 2003-07-16 20:31 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2003-07-16 20:47 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:14 . 2003-07-16 20:52 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-04-20 17:17 . 2003-07-16 20:27 45568 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-03-08 12:33 . 2003-07-16 20:25 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 12:32 . 2003-07-16 20:23 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 12:32 . 2003-07-16 20:30 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 12:31 . 2003-07-16 20:30 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 12:31 . 2003-07-16 20:35 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 12:31 . 2003-07-16 20:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-03-08 12:31 . 2003-07-16 20:35 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 12:30 . 2003-07-16 20:47 66560 ----a-w- c:\windows\system32\tdc.ocx
2009-03-08 12:22 . 2003-07-16 20:36 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-07-16 20:41 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2003-07-16 20:23 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-06 11:11 . 2003-07-16 20:44 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 10:39 . 2003-07-16 20:43 35328 ----a-w- c:\windows\system32\sc.exe
2008-10-23 12:36 . 2003-07-16 20:28 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-06-20 16:02 . 2003-07-16 20:37 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2003-07-16 20:47 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-18 13:03 . 2003-07-16 20:52 938496 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 09:09 . 2003-07-16 20:32 100864 ----a-w- c:\windows\system32\logagent.exe
2008-05-09 23:23 . 2003-07-16 20:53 135168 ----a-w- c:\windows\system32\wshom.ocx
2008-05-09 10:53 . 2003-07-16 20:53 90112 ----a-w- c:\windows\system32\wshext.dll
2008-05-09 10:53 . 2003-07-16 20:44 172032 ----a-w- c:\windows\system32\scrrun.dll
2008-05-09 10:53 . 2003-07-16 20:44 180224 ----a-w- c:\windows\system32\scrobj.dll
2008-05-08 14:02 . 2003-07-16 20:43 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys
2008-05-08 11:24 . 2003-07-16 20:53 155648 ----a-w- c:\windows\system32\wscript.exe
2008-05-07 09:07 . 2003-07-16 20:26 135168 ----a-w- c:\windows\system32\cscript.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49376E92-5849-4344-AE83-7EF1DE077E46}]
2012-12-28 21:35 78136 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\couponamazing\ie\couponamazing_1356730502.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-22 295072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2009-04-30 460048]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]
R2 BrowserProtect;BrowserProtect;c:\documents and settings\All Users\Application Data\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [12/28/2012 2:41 PM 2469992]
R2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;c:\program files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [10/9/2003 2:42 PM 529024]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]
R2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [6/14/2012 8:20 AM 109064]
R3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [10/9/2003 2:42 PM 816672]
S1 SASKUTIL;SASKUTIL;\??\f:\saskutil.sys --> f:\SASKUTIL.SYS [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2003-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 11:58]
.
2012-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2012-12-30 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-07-16 00:12]
.
2003-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 23:17]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 23:17]
.
2003-10-10 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-746137067-1417001333-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2013-01-03 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-746137067-1417001333-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2003-10-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1417001333-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2012-12-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1417001333-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2003-10-09 c:\windows\Tasks\User_Feed_Synchronization-{1D0969B8-DB7E-4A27-8684-CFE0A89D118B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
2013-01-04 c:\windows\Tasks\User_Feed_Synchronization-{21F19969-3392-4EFA-9A50-B95374285861}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{472F6BB8-3D5A-BC24-4155-3192C7AC8CF6} - (no file)
BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-Locked - (no file)
HKCU-Run-StartNow Search Protect - c:\program files\StartNow Toolbar\search_protect.exe
AddRemove-D-Link Toolbar - c:\program files\D-Link Toolbar\uninstall.exe
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2003-10-10 12:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5076)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\documents and settings\All Users\Application Data\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2003-10-10 12:49:57 - machine was rebooted
ComboFix-quarantined-files.txt 2003-10-10 19:49
.
Pre-Run: 123,703,193,600 bytes free
Post-Run: 123,854,057,472 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 851F2319BE4BEAA72458D8D9BA7376E9

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
Scholastic's I SPY Fantasy
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 31
Java version out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.104 - Logfile created 10/10/2003 at 13:05:09
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dan - DANIEL-IYU7R0D3
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserProtect
Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Deleted on reboot : C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Deleted on reboot : C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Dan\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Dan\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Dan\Local Settings\Application Data\SavingsApp
Folder Deleted : C:\Documents and Settings\Dan\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\Dan\Start Menu\Programs\Wajam
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Program Files\Wajam

***** [Registry] *****

Key Deleted : HKCU\Software\5b55dad9b53ce413
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\SOFTWARE\5b55dad9b53ce413
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://www.claro-search.com/?affID=117459&tt=5212_6&babsrc=HP_ss&mntrId=0c40108b0[...]
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=117459&tt=5212_6&babsrc[...]
Deleted [l.314] : homepage = "hxxp://www.claro-search.com/?affID=117459&tt=5212_6&babsrc=HP_ss&mntrId=0c40108b0000[...]
Deleted [l.525] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=117459&tt=5212_6&babsrc=HP[...]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12441 octets] - [10/10/2003 13:00:52]
AdwCleaner[R2].txt - [12502 octets] - [10/10/2003 13:02:00]
AdwCleaner[S1].txt - [11450 octets] - [10/10/2003 13:05:09]

########## EOF - C:\AdwCleaner[S1].txt - [11511 octets] ##########
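
The [Internet Browsers] section of an AdwCleaner log like the one above can be triaged mechanically to see which browser profiles had their start page rewritten and to which host. This is an added example, not part of the original post or of AdwCleaner itself; the sample log is constructed, the function names are hypothetical, and the line layout is assumed to match what this log shows.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the same layout as the log above (paths and hosts are made up).
SAMPLE_LOG = r'''
-\\ Internet Explorer v8.0.0000.00000
[OK] Registry is clean.
-\\ Google Chrome v23.0.0000.00
File : C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.11] : homepage = "hxxp://search.example.test/?aff=1&src=HP[...]
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.example.test/?aff=1[...]
File : C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
'''

BROWSER_RE = re.compile(r'^-\\\\ .+ v[\d.]+$')
FILE_RE = re.compile(r'^File : (?P<path>.+)$')
DELETED_RE = re.compile(r'^Deleted \[l\.(?P<line>\d+)\] : (?P<key>\w+) = (?P<value>.*)$')
URL_RE = re.compile(r'h(?:xx|tt)ps?://[^\s"\[\]]+')  # stops at the "[...]" truncation marker
STARTUP_KEYS = {'homepage', 'urls_to_restore_on_startup'}  # keys seen in this log

def parse_browser_section(log_text):
    """Map each profile file to its removed entries; a clean profile maps to []."""
    findings, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if BROWSER_RE.match(line):
            current = None  # a new browser block starts; no profile file selected yet
        elif (m := FILE_RE.match(line)):
            current = m.group('path')
            findings[current] = []
        elif (m := DELETED_RE.match(line)) and current is not None:
            url = URL_RE.search(m.group('value'))
            # Refang only to parse the host name; the URL is never fetched.
            host = urlsplit(re.sub(r'^hxxp', 'http', url.group(0))).hostname if url else None
            findings[current].append(
                {'line': int(m.group('line')), 'key': m.group('key'), 'host': host})
    return findings

def hijacked_profiles(findings):
    """Profiles where a start-page setting was removed, with the hosts it pointed to."""
    result = {}
    for path, entries in findings.items():
        hosts = sorted({e['host'] for e in entries if e['key'] in STARTUP_KEYS and e['host']})
        if hosts:
            result[path] = hosts
    return result

if __name__ == '__main__':
    for profile, hosts in hijacked_profiles(parse_browser_section(SAMPLE_LOG)).items():
        print(profile, '->', ', '.join(hosts))
```
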


#5 nasdaq


Posted 08 January 2013 - 08:31 AM

Open notepad and copy/paste the text in the quote box below into it:

Folder::
c:\documents and settings\Dan\Local Settings\Application Data\couponamazing
c:\documents and settings\All Users\Application Data\BrowserProtect

Driver::
BrowserProtect

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49376E92-5849-4344-AE83-7EF1DE077E46}]

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


Java 7 update 10 introduces important new security controls
You can read about it here.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/
===

Let me know if the problem persists.

#6 nasdaq


Posted 14 January 2013 - 11:06 AM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===