I have the Tracur Trojan on my computer. I first noticed it last week after my grandson was on my computer for a few hours. He tried to shut down and reboot the computer after it froze on him, and the computer would only boot to a blue screen of death. I repaired my computer using the Windows 7 disk and am now able to log on, but since then (the last 5 days or so), I have noticed this Tracur Trojan virus.
I have used Malwarebytes to try to remove the virus but it keeps coming back. I also have Norton 360 installed. Norton keeps telling me that it is blocking an intrusion attempt. When I click on the details, it tells me that it is blocking the Tracur.Trojan. From posts I have read at Norton's forum, the Tracur Trojan is already on my system. The virus is trying to connect out and IPS is blocking the outbound connection. They suggest I go to you for help.
I have followed your instructions and created a DDS and Attach file, which I will now enter and attach below. I appreciate any help you can offer.
DDS File:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Run by Sue at 7:24:37 on 2011-08-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8184.5354 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\ncsi32.exe
C:\ProgramData\DeviceDisplayStatusManager32.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\SysWOW64\rserver30\RServer3.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [AdobeBridge]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [<NO NAME>]
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{79DE5D26-11CD-4CEB-8496-875AC1BB70D7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B282681D-70A6-4A1B-86F9-4EF9EBCE7673} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\ProgramData\api-ms-win-core-libraryloader-l1-1-032.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [(Default)]
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
AppInit_DLLs-X64: C:\ProgramData\api-ms-win-core-libraryloader-l1-1-032.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\x4mtdagi.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 68d4cf37-3b8d-47fa-8ffc-e69a540bd30f
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110822.030\IDSviA64.sys [2011-8-22 488056]
R1 raddrvv3;raddrvv3;C:\Windows\SysWOW64\rserver30\raddrvv3.sys [2009-10-9 68704]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/09/14 13:55:42];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-9-14 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-5-25 87368]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-9-14 192512]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-3-25 223088]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2010-12-12 126392]
R2 Netlogon32;Netlogon ;C:\Windows\System32\ncsi32.exe [2011-8-19 711680]
R2 RServer3;Radmin Server V3;C:\Windows\SysWOW64\rserver30\rserver3.exe [2009-10-9 1242504]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-11 136824]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 mirrorv3;mirrorv3;C:\Windows\system32\DRIVERS\rminiv3.sys --> C:\Windows\system32\DRIVERS\rminiv3.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-22 1151096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-12 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-15 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-12 136176]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 r_server;Remote Administrator Service;C:\Windows\SysWOW64\r_server.exe [2010-1-10 241664]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-23 09:12:39 158208 ------w- C:\ProgramData\api-ms-win-core-libraryloader-l1-1-032.dll
2011-08-23 00:14:52 -------- d-----w- C:\Users\Sue\AppData\Local\{D8079AAD-332D-4222-9CFD-BC4799F852E4}
2011-08-23 00:14:40 -------- d-----w- C:\Users\Sue\AppData\Local\{FFE9763B-AF70-4ED8-B986-6DA804922014}
2011-08-22 12:14:05 -------- d-----w- C:\Users\Sue\AppData\Local\{8A2E5FA2-3A47-439F-81F5-4073A7D4F460}
2011-08-22 12:13:54 -------- d-----w- C:\Users\Sue\AppData\Local\{AAF886C7-6FF4-41F5-B83B-FDD0F25856A3}
2011-08-22 00:13:25 -------- d-----w- C:\Users\Sue\AppData\Local\{32F03277-622D-43D0-A5EF-06CA4EBD160B}
2011-08-22 00:13:13 -------- d-----w- C:\Users\Sue\AppData\Local\{D01070A1-F0A0-48F0-AD60-314D584AAE2C}
2011-08-21 12:12:29 -------- d-----w- C:\Users\Sue\AppData\Local\{7BA4F6F4-FFA2-4764-B85C-AD0B08CA16AE}
2011-08-21 00:11:59 -------- d-----w- C:\Users\Sue\AppData\Local\{AF822F3E-E08E-4491-B505-A3DFA800692E}
2011-08-20 12:11:33 -------- d-----w- C:\Users\Sue\AppData\Local\{1B7F47FD-E70D-4DAD-AA2F-B7A1FD5A4B80}
2011-08-20 12:11:21 -------- d-----w- C:\Users\Sue\AppData\Local\{8D58089D-9E90-4264-8265-C9D2540717C3}
2011-08-20 12:11:10 -------- d-----w- C:\Users\Sue\AppData\Local\{55F09550-1A24-4CBF-A0F4-48DB00D45D3E}
2011-08-20 12:10:59 -------- d-----w- C:\Users\Sue\AppData\Local\{A0B471D0-6C10-44D1-8657-C599EF0E0085}
2011-08-20 00:10:32 -------- d-----w- C:\Users\Sue\AppData\Local\{C9147EF0-7D3D-4E68-9474-D3A3C9E351F3}
2011-08-20 00:10:21 -------- d-----w- C:\Users\Sue\AppData\Local\{B72F5F58-863B-4ED7-8746-B85C71FCAE5F}
2011-08-19 12:09:46 -------- d-----w- C:\Users\Sue\AppData\Local\{2AF01946-0FA3-45A7-8646-10912675D879}
2011-08-19 12:09:35 -------- d-----w- C:\Users\Sue\AppData\Local\{9F0F005E-333C-49E9-ACC3-98BF7B12663B}
2011-08-19 11:48:10 711680 ----a-w- C:\ProgramData\DeviceDisplayStatusManager32.exe
2011-08-19 11:48:09 711680 ----a-w- C:\Windows\SysWow64\ncsi32.exe
2011-08-19 11:19:27 -------- d-----w- C:\Windows\en
2011-08-19 11:14:26 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-19 11:11:00 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-08-19 11:11:00 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-08-19 11:11:00 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-08-19 11:11:00 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-08-19 10:38:32 -------- d-----w- C:\Users\Sue\AppData\Local\{78E80D00-FC8D-4589-BDC3-B70D673A4ABF}
2011-08-19 10:38:19 -------- d-----w- C:\Users\Sue\AppData\Local\{3F546C66-C880-4DB7-A13A-890ED7690688}
2011-08-18 21:40:08 -------- d-----w- C:\Users\Sue\AppData\Local\{B63483D6-A289-4C04-88E7-D1169ACE7421}
2011-08-18 21:39:55 -------- d-----w- C:\Users\Sue\AppData\Local\{FD1B78F2-9DA8-4DA8-AE44-C46D39741437}
2011-08-17 11:17:53 -------- d-----w- C:\Users\Sue\AppData\Local\{4924D015-785A-4590-B09D-BE64BEE6B2D3}
2011-08-17 11:17:41 -------- d-----w- C:\Users\Sue\AppData\Local\{2356D182-1F53-42A1-85C2-C9FC5903080B}
2011-08-17 02:17:08 -------- d-----w- C:\Users\Sue\AppData\Local\{07EDFE75-3F2D-4C77-A686-C1B947AD10E6}
2011-08-17 02:16:56 -------- d-----w- C:\Users\Sue\AppData\Local\{12D1BED7-806D-4A54-A313-452F1E0D0C03}
2011-08-16 11:37:56 -------- d-----w- C:\Users\Sue\AppData\Local\{2918ABB1-6755-40F2-A94C-EA14F5965363}
2011-08-16 11:37:45 -------- d-----w- C:\Users\Sue\AppData\Local\{80E30F4C-F6AB-4F59-82AD-4C2447EA024D}
2011-08-16 09:58:08 -------- d-----w- C:\Users\Sue\AppData\Local\{4174A02F-BD90-4AAC-A4B2-81E8336E108D}
2011-08-16 09:57:56 -------- d-----w- C:\Users\Sue\AppData\Local\{731CDDA3-FB90-41D5-AB59-4D442EADE5BE}
2011-08-15 10:13:39 -------- d-----w- C:\Users\Sue\AppData\Local\{89E2C2D7-EA63-4562-B688-25040D44BA3D}
2011-08-15 10:13:27 -------- d-----w- C:\Users\Sue\AppData\Local\{5E290E39-A827-4BA8-B128-8D80F4D1721B}
2011-08-14 22:31:24 -------- d-----w- C:\Users\Sue\AppData\Local\Microsoft Games
2011-08-14 15:41:15 -------- d-----w- C:\Users\Sue\AppData\Local\{BB87E0A4-8DE4-4435-9C0B-8CB28940CF0F}
2011-08-14 15:41:04 -------- d-----w- C:\Users\Sue\AppData\Local\{9710DEFC-ED13-41A6-B23C-298EE83799B5}
2011-08-14 03:41:15 -------- d-----w- C:\Users\Sue\AppData\Local\{1AC0E907-D446-460C-BEE9-7B680483D184}
2011-08-14 03:41:04 -------- d-----w- C:\Users\Sue\AppData\Local\{7BC48B03-65BC-48DD-89AE-A19C1CC475E4}
2011-08-13 15:41:16 -------- d-----w- C:\Users\Sue\AppData\Local\{DF760FD0-BA40-42C2-953E-0C5E16391E45}
2011-08-13 15:41:05 -------- d-----w- C:\Users\Sue\AppData\Local\{CEE8964D-581D-4607-8A16-E7B023ECCC08}
2011-08-12 11:29:13 -------- d-----w- C:\Users\Sue\AppData\Local\{48B38931-68FE-40D8-A3E5-8372D17B73FB}
2011-08-12 11:29:02 -------- d-----w- C:\Users\Sue\AppData\Local\{45720797-5112-4AAC-BF2B-7A0CCEF4D78D}
2011-08-11 18:25:47 -------- d-----w- C:\Users\Sue\AppData\Local\{21ED1B31-10C3-43A7-B214-99AC8ADA2043}
2011-08-11 18:25:35 -------- d-----w- C:\Users\Sue\AppData\Local\{00764626-A062-425F-8866-1CC26477DAED}
2011-08-11 10:35:29 -------- d-----w- C:\Users\Sue\AppData\Local\{86A80A40-2FE2-4CBA-B5A8-EB90D93F03BB}
2011-08-11 10:35:17 -------- d-----w- C:\Users\Sue\AppData\Local\{61CB0909-7EC3-4F56-A1D8-99EC1DE87BDE}
2011-08-11 10:29:05 -------- d-----w- C:\Users\Sue\AppData\Local\{B8F3F741-DCC5-4953-B0A5-D48047280877}
2011-08-11 03:54:00 -------- d-----w- C:\Users\Sue\AppData\Local\{F308997C-E32F-4368-943C-5174E20BCECB}
2011-08-11 02:22:21 -------- d-----w- C:\Users\Sue\AppData\Local\{A056B12A-C6B0-4015-92FF-4B5936B48550}
2011-08-11 02:22:10 -------- d-----w- C:\Users\Sue\AppData\Local\{B0DC7E91-1CB2-457B-A67D-956ADF172CD9}
2011-08-10 22:07:42 -------- d-----w- C:\Users\Sue\AppData\Local\{357274CD-E081-4F58-8DFE-5A37E9CC33C4}
2011-08-10 15:18:29 -------- d-----w- C:\Users\Sue\AppData\Local\{646A82E8-E804-4BB1-8A96-2893510DAA12}
2011-08-10 15:18:17 -------- d-----w- C:\Users\Sue\AppData\Local\{D7B16216-1803-4FF0-9242-DDC4A028B06E}
2011-08-10 10:33:16 -------- d-----w- C:\Users\Sue\AppData\Local\{19E7706E-BD74-469F-A48E-F96D3F4E94CE}
2011-08-10 10:33:04 -------- d-----w- C:\Users\Sue\AppData\Local\{0CE93E71-52DC-4558-8619-14628744B3CA}
2011-08-10 10:32:47 -------- d-----w- C:\Users\Sue\AppData\Local\{2926AD3B-8D85-47C9-AFDD-266DC8B06276}
2011-08-09 22:57:02 -------- d-----w- C:\Users\Sue\AppData\Local\{51C1128F-6972-4715-96A8-A3CD26867E51}
2011-08-09 22:56:51 -------- d-----w- C:\Users\Sue\AppData\Local\{C586351D-5732-40D6-8E22-101F3A71622B}
2011-08-09 21:27:31 -------- d-----w- C:\Users\Sue\AppData\Local\{7E817B67-504A-4516-98B2-B94F5AF11B8D}
2011-08-09 15:05:35 -------- d-----w- C:\Users\Sue\AppData\Local\{24D33C2B-7411-493F-A747-66148EA8C180}
2011-08-09 15:05:24 -------- d-----w- C:\Users\Sue\AppData\Local\{5908B752-BC75-43B1-87C0-A76F619D4EEF}
2011-08-09 14:35:40 -------- d-----w- C:\Users\Sue\AppData\Local\{B345C08F-C210-47D0-944C-126E011E9897}
2011-08-09 14:35:29 -------- d-----w- C:\Users\Sue\AppData\Local\{8083E263-B70D-4DB6-9217-D24BB599CC40}
2011-08-09 03:54:02 -------- d-----w- C:\Users\Sue\AppData\Local\{1134BF58-C898-4D3A-813D-E6A0DF1D24AF}
2011-08-09 02:35:40 -------- d-----w- C:\Users\Sue\AppData\Local\{7121A8DE-2CE5-4335-8FC0-61FA57C794E1}
2011-08-09 02:35:29 -------- d-----w- C:\Users\Sue\AppData\Local\{D44F3811-CEA2-4DBF-8C30-B59AFC0783F9}
2011-08-08 15:53:57 -------- d-----w- C:\Users\Sue\AppData\Local\{D04F8BE8-B2C2-4AB9-AA4F-A9B7A5968C73}
2011-08-08 10:14:17 -------- d-----w- C:\Users\Sue\AppData\Local\{ADBCCA29-9177-4326-AE8C-CFF36DDAF605}
2011-08-08 10:14:05 -------- d-----w- C:\Users\Sue\AppData\Local\{A550F41E-5534-4C05-BB23-616137585BC6}
2011-08-08 10:13:34 -------- d-----w- C:\Users\Sue\AppData\Local\{A0195618-DE04-4C95-86B8-DF40813D0B50}
2011-08-07 22:22:46 -------- d-----w- C:\Users\Sue\AppData\Local\{6D1B8B50-865B-4F55-B32E-93322CC5ED18}
2011-08-07 22:22:34 -------- d-----w- C:\Users\Sue\AppData\Local\{19BF7BD6-161A-44B7-9C0E-20CD4B6D5DA8}
2011-08-07 16:03:42 -------- d-----w- C:\Users\Sue\AppData\Local\{6C639F00-CDFC-4294-94B7-CF7E81203F8F}
2011-08-07 13:34:37 -------- d-----w- C:\Users\Sue\AppData\Local\{63DCC676-F7DB-4F75-A94A-9EE5FF52BDA5}
2011-08-07 13:34:25 -------- d-----w- C:\Users\Sue\AppData\Local\{1F197F1C-8FA2-4E65-BE03-0A13B3BA40F3}
2011-08-07 09:06:39 -------- d-----w- C:\Users\Sue\AppData\Local\{27BF1103-266C-4600-ABF1-6AA3B62A2148}
2011-08-07 09:06:27 -------- d-----w- C:\Users\Sue\AppData\Local\{1CD0DB02-E320-4E96-AC99-73D5B1DB0D5C}
2011-08-07 09:06:05 -------- d-----w- C:\Users\Sue\AppData\Local\{A69808FA-C6EB-42DC-BBE9-48DB5E5BF7A2}
2011-08-06 19:55:24 -------- d-----w- C:\Users\Sue\AppData\Local\{DADD314E-CAEA-4498-90FF-262731862F38}
2011-08-06 19:55:13 -------- d-----w- C:\Users\Sue\AppData\Local\{66A8100A-D39F-43DB-9E0C-FDB0541D4980}
2011-08-06 16:25:51 -------- d-----w- C:\Users\Sue\AppData\Local\{CE88681D-0559-412F-89D8-ECD14902A4D4}
2011-08-06 03:54:00 -------- d-----w- C:\Users\Sue\AppData\Local\{884F1E80-B7F3-47A5-B9DE-A718B7462201}
2011-08-06 02:54:18 -------- d-----w- C:\Users\Sue\AppData\Roaming\AUNSoft
2011-08-06 02:54:09 75264 ----a-w- C:\Windows\SysWow64\zlib1.dll
2011-08-06 02:54:09 53248 ----a-w- C:\Windows\SysWow64\MyFlashZip0.ax
2011-08-06 02:54:08 -------- d-----w- C:\Program Files (x86)\Aunsoft
2011-08-06 02:07:10 -------- d-----w- C:\Program Files (x86)\Yontoo Layers Runtime
2011-08-06 00:43:41 -------- d-----w- C:\Users\Sue\AppData\Local\{28790855-0848-462D-A845-CC1BDF83C90C}
2011-08-06 00:43:30 -------- d-----w- C:\Users\Sue\AppData\Local\{44EF5910-5674-4DA7-973C-4F0790B4F5F8}
2011-08-05 20:43:10 -------- d-----w- C:\Users\Sue\AppData\Local\{67218B2E-606D-4BCC-9001-85A863C3917B}
2011-08-05 09:52:05 -------- d-----w- C:\Users\Sue\AppData\Local\{DCEA7B1E-FF3F-4508-A82D-E2EDD0CFCEF8}
2011-08-05 09:51:53 -------- d-----w- C:\Users\Sue\AppData\Local\{2913D143-C7EB-46B0-B4A4-CB09368F64BB}
2011-08-05 09:51:35 -------- d-----w- C:\Users\Sue\AppData\Local\{BB370A14-DE2F-44AB-AF6D-9FE8A4961AF0}
2011-08-05 03:17:38 -------- d-----w- C:\Users\Sue\AppData\Local\{63269CDF-8616-428E-97EF-5C70BCD4B8B9}
2011-07-29 00:46:52 -------- d-----w- C:\Users\Sue\AppData\Local\{94659921-3B61-4DE5-9165-DFB089D5ACA5}
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 10:22:12 73 ----a-w- C:\Windows\SysWow64\ssprs.dll
2011-05-28 10:22:12 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
.
============= FINISH: 7:27:35.85 ===============
Attached File(s): Attach.txt (12.59K)










