
Google search redirect


  • This topic is locked
25 replies to this topic

#1 EricaT

EricaT

  • Members
  • 40 posts

Posted 11 March 2010 - 02:41 PM

Hello there. I previously posted in the "I'm in the infected section." No one has answered my thread yet, so I thought I'd take the initiative to post my actual problem in this part of the forum. Here's my description of my issue:

For about a month now, I have noticed that my web browser would get redirected to another page once I clicked on a Google search link. I noticed that whenever I get redirected, a green globe or a blue spiral icon appears at the top left next to the web address bar. I've run Avast, Superantispyware, Malwarebytes and Spybot, but most of these scans came up clean with no infections except Spybot, which detected cookies. I've heard stories that the computer can be most vulnerable when Java isn't updated, and during the time in which I suspected signs of redirection, my Java wasn't updated (I think...). Thanks for the help! I really really appreciate it.
Here are my logs: DDS and Attach, in respective order.




DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 23:36:04,48 on 10.03.2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2386 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - c:\program files\devicevm\browser configuration utility\IEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] e:\new folder\daemon tools lite\DTLite.exe -autorun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: MaxRecentDocs = 18 (0x12)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\qjgr45p4.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [2009-2-13 9096]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-2-19 212232]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-2-19 68136]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-1 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-1 19160]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-19 1684736]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2010-2-19 17280]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]

=============== Created Last 30 ================

2010-03-04 22:32:35 0 d-----w- c:\program files\common files\muvee Technologies
2010-03-04 22:32:30 0 d-----w- c:\program files\common files\Nikon
2010-03-04 22:32:27 0 d-----w- c:\program files\Nikon
2010-03-04 22:31:23 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-03-04 22:31:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Framework
2010-03-04 22:25:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-04 22:25:36 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-04 08:19:19 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-04 08:19:09 0 d-----w- c:\program files\Hitman Pro 3.5
2010-03-04 08:19:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-03-04 02:14:13 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-03-03 22:34:07 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-03 22:34:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-01 07:38:45 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-03-01 07:38:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 07:38:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-01 07:38:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 07:38:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 05:00:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-01 02:32:33 0 d-----w- c:\program files\Paint.NET
2010-02-26 23:36:20 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2010-02-26 23:31:15 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-02-24 03:12:20 0 d-----w- C:\BDS
2010-02-24 03:06:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-24 03:06:37 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2010-02-23 07:25:24 0 d-----w- c:\program files\dumps
2010-02-21 10:16:43 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-02-21 10:04:38 0 d-----w- c:\docume~1\admini~1\applic~1\5400 Series
2010-02-21 10:04:30 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-02-21 10:03:36 0 d-----w- c:\program files\lx_cats
2010-02-21 10:03:17 40960 ----a-w- c:\windows\system32\lxctvs.dll
2010-02-21 10:03:16 335872 ----a-w- c:\windows\system32\lxctcoin.dll
2010-02-21 10:03:13 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-02-21 10:03:13 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-21 10:03:10 692224 ----a-w- c:\windows\system32\lxctdrs.dll
2010-02-21 10:03:10 65536 ----a-w- c:\windows\system32\lxctcaps.dll
2010-02-21 10:03:10 61440 ----a-w- c:\windows\system32\lxctcnv4.dll
2010-02-21 10:02:32 0 d-----w- c:\docume~1\alluse~1\applic~1\5400 Series
2010-02-21 10:02:27 0 d-----w- c:\program files\Lexmark Toolbar
2010-02-21 10:02:24 0 d-----w- c:\program files\Lexmark 5400 Series
2010-02-21 10:01:53 0 d-----w- C:\drivers
2010-02-20 00:35:06 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-20 00:35:00 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-20 00:35:00 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-02-20 00:24:43 0 d-----w- c:\program files\DivX
2010-02-20 00:24:43 0 d-----w- c:\program files\common files\DivX Shared
2010-02-19 22:05:01 376 ----a-w- c:\windows\ODBC.INI
2010-02-19 22:04:57 28040 ----a-w- c:\windows\system32\mdimon.dll
2010-02-19 22:04:31 0 d-----w- c:\program files\Microsoft ActiveSync
2010-02-19 22:04:19 0 d-----w- c:\windows\SHELLNEW
2010-02-19 21:08:38 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-02-19 20:49:08 0 d-----w- c:\program files\Steam
2010-02-19 20:47:32 0 d-----w- c:\program files\Ventrilo
2010-02-19 20:47:29 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-02-19 20:47:20 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-19 20:47:10 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-02-19 20:47:10 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-02-19 20:47:10 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-02-19 05:03:24 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-19 05:02:06 0 d-----w- c:\program files\MSXML 4.0
2010-02-19 05:01:37 0 d--h--w- c:\windows\$hf_mig$
2010-02-19 01:22:51 701 ----a-w- C:\RodSettings.ini
2010-02-19 00:10:14 17280 ----a-r- c:\windows\system32\drivers\bfturboh.sys
2010-02-19 00:10:13 9500 ----a-r- c:\windows\UN070618.INI
2010-02-19 00:10:13 382328 ----a-r- c:\windows\UN070618.EXE
2010-02-19 00:10:12 0 d-----w- c:\program files\BUFFALO
2010-02-18 23:35:48 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-02-18 23:35:41 0 d-----w- c:\program files\NVIDIA Corporation
2010-02-18 23:34:05 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2010-02-18 23:34:03 0 d-----w- c:\program files\AIM
2010-02-18 23:34:02 0 d-----w- c:\program files\common files\Software Update Utility
2010-02-18 23:34:02 0 d-----w- c:\program files\common files\AOL
2010-02-18 23:26:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-02-18 23:25:32 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-02-18 23:22:26 0 d-----w- c:\program files\Realtek
2010-02-18 23:22:14 0 d-----w- c:\program files\AMD
2010-02-18 23:21:55 0 d--h--w- c:\program files\DeviceVM
2010-02-18 23:21:42 0 d-----w- c:\program files\Gigabyte
2010-02-18 23:13:58 0 d-----w- c:\program files\MediaLooks
2010-02-18 23:13:53 0 d-----w- c:\program files\QuickTime Alternative
2010-02-18 23:13:40 0 d-----w- c:\program files\K-Lite Codec Pack
2010-02-18 23:13:33 0 d-----w- c:\program files\Foxit Software
2010-02-18 23:13:33 0 d-----w- c:\docume~1\admini~1\applic~1\Foxit
2010-02-18 23:13:28 0 d-----w- c:\program files\CCleaner
2010-02-18 23:13:25 0 d-----w- c:\program files\Unlocker
2010-02-18 23:13:01 0 d-----w- c:\program files\UPHClean
2010-02-18 23:12:57 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-18 23:09:46 0 d-----w- c:\program files\common files\ODBC
2010-02-18 23:09:42 0 d-----w- c:\program files\common files\SpeechEngines
2010-02-18 23:07:25 0 d-----r- c:\documents and settings\all users\Documents
2010-02-18 23:03:37 0 d-sh--w- c:\documents and settings\all users\DRM
2010-02-18 23:03:21 0 d--h--w- c:\program files\WindowsUpdate
2010-02-18 23:03:06 0 d-----w- c:\program files\Windows Media Connect 2
2010-02-18 23:02:48 0 d-----w- c:\program files\common files\MSSoap

==================== Find3M ====================

2010-03-10 22:06:20 17488 ----a-w- c:\windows\gdrv.sys
2010-03-04 22:31:20 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-02-18 23:01:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03:33 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03:33 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-11 21:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-01 07:58:29 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll

============= FINISH: 23:37:02,23 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19.02.2010 00:04:58
System Uptime: 03.10.2010 23:05:44 (-4968 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
Processor: AMD Athlon™ II X2 240 Processor | Socket M2 | 2812/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 35 GiB total, 6,284 GiB free.
E: is FIXED (NTFS) - 39 GiB total, 28,889 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 19.02.2010 00:07:27 - System Checkpoint
RP2: 19.02.2010 00:09:55 - Installed Windows KB954550-v5.
RP3: 19.02.2010 00:09:59 - Printer Driver Microsoft XPS Document Writer Installed
RP4: 19.02.2010 00:12:18 - Installed Microsoft Visual C++ 2005 Redistributable
RP5: 19.02.2010 00:12:27 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP6: 19.02.2010 00:12:38 - Installed Java™ 6 Update 12
RP7: 19.02.2010 00:13:00 - Installed User Profile Hive Cleanup Service
RP8: 19.02.2010 00:13:08 - Installed Alt-Tab Task Switcher Powertoy for Windows XP
RP9: 19.02.2010 00:13:21 - Installed Microsoft AppLocale

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
AIM 7
Alt-Tab Task Switcher Powertoy for Windows XP
AMD Processor Driver
ArcSoft Panorama Maker 4
Borderlands
Browser Configuration Utility
BUFFALO TurboUSB for FLASH/HDD
CCleaner (remove only)
Counter-Strike: Source
DivX Plus Web Player
Download Updater (AOL LLC)
EasySaver B9.0610.1
File Uploader
Foxit Reader
HashCheck Shell Extension (x86-32)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Java™ 6 Update 17
K-Lite Mega Codec Pack 4.6.2
Left 4 Dead 2
Lexmark 5400 Series
Malwarebytes' Anti-Malware
MediaLooks QuickTime Source 1.7.0.3 (DirectShow Filter)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft AppLocale
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Transfer
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
Open Command Prompt Shell Extension (x86-32)
Paint.NET v3.5.4
QuickTime Alternative 2.8.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Spybot - Search & Destroy
Steam
SUPERAntiSpyware Professional
Team Fortress 2
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
WebFldrs XP
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Winrar 3.92
WinRAR archiver

==== Event Viewer Messages From Past Week ========

10.03.2010 02:22:12, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
05.03.2010 07:04:14, error: W32Time [34] - The time service has detected that the system time needs to be changed by +75672 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.70:123->207.46.197.32:123) is working properly.
04.03.2010 04:53:24, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LAM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{99EB6B20-06DE-4010-A4. The master browser is stopping or an election is being forced.
03.03.2010 10:17:05, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
03.03.2010 10:17:05, error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
03.03.2010 10:16:49, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
03.03.2010 10:16:49, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
03.03.2010 09:22:14, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0ea: Cumulative Security Update for Internet Explorer 7 for Windows XP (KB978207).
03.03.2010 07:24:56, error: Service Control Manager [7028] - The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
03.03.2010 00:20:47, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

==== End Of File ===========================

Edited by EricaT, 11 March 2010 - 04:13 PM.




#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 13 March 2010 - 04:17 PM

Hello, EricaT.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 EricaT

EricaT
  • Topic Starter

  • Members
  • 40 posts

Posted 14 March 2010 - 01:22 AM

Thank you so much for your response. I greatly appreciate it. As requested, here are the logs: log, info and gmer


Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-12 23:48:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (17%) free of 36 GB
Total RAM: 3326 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:38 PM, on 3/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CStat - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files\DeviceVM\Browser Configuration Utility\IEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] E:\New Folder\DAEMON Tools Lite\DTLite.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7357 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD92DE22-ED91-4560-B788-DEE2B26612E6}]
BHO Class - C:\Program Files\DeviceVM\Browser Configuration Utility\IEHelper.dll [2009-06-22 335104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-20 17881600]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"lxctmon.exe"=C:\Program Files\Lexmark 5400 Series\lxctmon.exe [2007-01-11 291760]
"Lexmark 5400 Series Fax Server"=C:\Program Files\Lexmark 5400 Series\fm3032.exe [2006-07-10 294912]
"EzPrint"=C:\Program Files\Lexmark 5400 Series\ezprint.exe [2006-06-06 98304]
"LXCTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-10 149280]
"Nikon Transfer Monitor"=C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-09-30 485208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"DAEMON Tools Lite"=E:\New Folder\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-26 220672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-02-12 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoSharedDocuments"=1
"MaxRecentDocs"=18
"NoSMConfigurePrograms"=1
"NoRecentDocsNetHood"=1
"MemCheckBoxInRunDlg"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\lxctcoms.exe"="C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\Steam\steamapps\losttim401\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\losttim401\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\Windows\CHECK\DriveNavigator.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{265bb022-1e6b-11df-af8c-00241dd19089}]
shell\AutoRun\command - G:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe
shell\open\command - G:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe


======List of files/folders created in the last 1 months======

2010-03-12 23:48:26 ----D---- C:\rsit
2010-03-12 23:48:26 ----D---- C:\Program Files\trend micro
2010-03-12 22:16:15 ----D---- C:\WINDOWS\pss
2010-03-10 16:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-04 14:34:25 ----D---- C:\Documents and Settings\Administrator\Application Data\Nikon
2010-03-04 14:32:35 ----D---- C:\Program Files\Common Files\muvee Technologies
2010-03-04 14:32:30 ----D---- C:\Program Files\Common Files\Nikon
2010-03-04 14:32:30 ----D---- C:\Documents and Settings\All Users\Application Data\Nikon
2010-03-04 14:32:27 ----D---- C:\Program Files\Nikon
2010-03-04 14:31:23 ----D---- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2010-03-04 14:31:23 ----D---- C:\Documents and Settings\All Users\Application Data\Framework
2010-03-04 14:31:23 ----D---- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2010-03-04 14:30:10 ----D---- C:\Program Files\ArcSoft
2010-03-04 14:25:36 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-03-04 14:25:36 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-03-04 00:19:09 ----D---- C:\Program Files\Hitman Pro 3.5
2010-03-04 00:19:09 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-03-03 18:14:13 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2010-03-03 14:34:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-03 14:34:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-03 14:32:02 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-03 14:32:02 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-03 14:32:02 ----A---- C:\WINDOWS\system32\java.exe
2010-02-28 23:38:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-02-28 23:38:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-28 23:38:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-28 18:32:33 ----D---- C:\Program Files\Paint.NET
2010-02-26 15:36:20 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
2010-02-26 15:31:15 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-02-23 19:12:20 ----D---- C:\BDS
2010-02-23 19:06:37 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2010-02-23 02:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-22 23:25:24 ----D---- C:\Program Files\dumps
2010-02-22 17:30:46 ----D---- C:\Program Files\Alwil Software
2010-02-21 02:04:38 ----D---- C:\Documents and Settings\Administrator\Application Data\5400 Series
2010-02-21 02:03:36 ----D---- C:\Program Files\lx_cats
2010-02-21 02:03:17 ----A---- C:\WINDOWS\system32\lxctvs.dll
2010-02-21 02:03:16 ----A---- C:\WINDOWS\system32\lxctcoin.dll
2010-02-21 02:03:13 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2010-02-21 02:03:10 ----A---- C:\WINDOWS\system32\lxctdrs.dll
2010-02-21 02:03:10 ----A---- C:\WINDOWS\system32\lxctcnv4.dll
2010-02-21 02:03:10 ----A---- C:\WINDOWS\system32\lxctcaps.dll
2010-02-21 02:02:55 ----A---- C:\WINDOWS\system32\lxctpmon.dll
2010-02-21 02:02:55 ----A---- C:\WINDOWS\system32\LXCTFXPU.DLL
2010-02-21 02:02:35 ----A---- C:\WINDOWS\system32\lxctpmrc.dll
2010-02-21 02:02:35 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2010-02-21 02:02:35 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2010-02-21 02:02:32 ----D---- C:\Documents and Settings\All Users\Application Data\5400 Series
2010-02-21 02:02:27 ----D---- C:\Program Files\Lexmark Toolbar
2010-02-21 02:02:24 ----D---- C:\Program Files\Lexmark 5400 Series
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctutil.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctusb1.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctserv.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctprox.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctpplc.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctpmui.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctlmpm.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctjswr.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\LXCTinst.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctinsr.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctinsb.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctins.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctinpa.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctih.exe
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctiesc.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxcthbn3.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctgrd.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctgf.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctcur.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctcub.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctcu.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctcoms.exe
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctcomm.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctcomc.dll
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\lxctcfg.exe
2010-02-21 02:02:10 ----A---- C:\WINDOWS\system32\LXCTcfg.dll
2010-02-21 02:01:53 ----D---- C:\drivers
2010-02-19 17:31:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-19 17:31:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-19 16:35:06 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-19 16:35:00 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-19 16:35:00 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-02-19 16:24:43 ----D---- C:\Program Files\DivX
2010-02-19 16:24:43 ----D---- C:\Program Files\Common Files\DivX Shared
2010-02-19 16:18:34 ----D---- C:\WINDOWS\Sun
2010-02-19 14:05:01 ----A---- C:\WINDOWS\ODBC.INI
2010-02-19 14:04:57 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-02-19 14:04:31 ----D---- C:\Program Files\Microsoft ActiveSync
2010-02-19 14:04:29 ----D---- C:\Program Files\Common Files\DESIGNER
2010-02-19 14:04:19 ----D---- C:\WINDOWS\SHELLNEW
2010-02-19 14:04:18 ----D---- C:\Program Files\Microsoft.NET
2010-02-19 14:04:18 ----D---- C:\Program Files\Microsoft Office
2010-02-19 13:08:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2010-02-19 12:49:08 ----D---- C:\Program Files\Steam
2010-02-19 12:47:32 ----D---- C:\Program Files\Ventrilo
2010-02-19 12:47:29 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-02-19 12:47:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-18 21:08:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-18 21:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-18 21:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-18 21:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-18 21:05:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-18 21:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-18 21:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-18 21:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-18 21:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-18 21:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-18 21:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-18 21:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-18 21:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-18 21:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-18 21:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-18 21:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-18 21:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-18 21:04:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-18 21:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-18 21:04:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-18 21:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-18 21:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-18 21:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-18 21:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-18 21:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-18 21:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-18 21:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-18 21:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-18 21:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-18 21:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-18 21:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-18 21:03:24 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-02-18 21:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-18 21:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-18 21:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-18 21:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-18 21:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-18 21:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-18 21:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-18 21:02:06 ----D---- C:\Program Files\MSXML 4.0
2010-02-18 21:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-18 21:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-18 21:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-18 21:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-18 21:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-18 17:22:51 ----A---- C:\RodSettings.ini
2010-02-18 16:10:13 ----RA---- C:\WINDOWS\UN070618.INI
2010-02-18 16:10:13 ----RA---- C:\WINDOWS\UN070618.EXE
2010-02-18 16:10:12 ----D---- C:\Program Files\BUFFALO
2010-02-18 16:05:33 ----SHD---- C:\RECYCLER
2010-02-18 15:58:23 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
2010-02-18 15:58:21 ----D---- C:\Program Files\Winrar
2010-02-18 15:58:11 ----A---- C:\WINDOWS\system32\h323log.txt
2010-02-18 15:57:49 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-02-18 15:55:10 ----A---- C:\WINDOWS\system32\usbui.dll
2010-02-18 15:48:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2010-02-18 15:47:50 ----D---- C:\Program Files\Mozilla Firefox
2010-02-18 15:35:48 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2010-02-18 15:35:41 ----D---- C:\Program Files\NVIDIA Corporation
2010-02-18 15:35:04 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-02-18 15:35:04 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-02-18 15:35:04 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-02-18 15:35:04 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-02-18 15:35:04 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-02-18 15:35:03 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-02-18 15:35:03 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-02-18 15:35:03 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-02-18 15:35:03 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-02-18 15:35:03 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2010-02-18 15:35:01 ----D---- C:\NVIDIA
2010-02-18 15:35:01 ----D---- C:\Documents and Settings\Administrator\Application Data\acccore
2010-02-18 15:34:05 ----D---- C:\Documents and Settings\All Users\Application Data\AIM
2010-02-18 15:34:03 ----D---- C:\Program Files\AIM
2010-02-18 15:34:02 ----D---- C:\Program Files\Common Files\Software Update Utility
2010-02-18 15:34:02 ----D---- C:\Program Files\Common Files\AOL
2010-02-18 15:26:06 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-02-18 15:25:32 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-02-18 15:24:30 ----D---- C:\WINDOWS\system32\Lang
2010-02-18 15:22:43 ----D---- C:\WINDOWS\system32\RTCOM
2010-02-18 15:22:40 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-02-18 15:22:35 ----A---- C:\WINDOWS\vncutil.exe
2010-02-18 15:22:35 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-02-18 15:22:35 ----A---- C:\WINDOWS\SkyTel.exe
2010-02-18 15:22:34 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2010-02-18 15:22:34 ----A---- C:\WINDOWS\RtlUpd.exe
2010-02-18 15:22:34 ----A---- C:\WINDOWS\RtkAudioService.exe
2010-02-18 15:22:33 ----A---- C:\WINDOWS\RTLCPL.EXE
2010-02-18 15:22:30 ----A---- C:\WINDOWS\RTHDCPL.EXE
2010-02-18 15:22:29 ----A---- C:\WINDOWS\MicCal.exe
2010-02-18 15:22:27 ----A---- C:\WINDOWS\ALCWZRD.EXE
2010-02-18 15:22:27 ----A---- C:\WINDOWS\ALCMTR.EXE
2010-02-18 15:22:26 ----D---- C:\Program Files\Realtek
2010-02-18 15:22:25 ----R---- C:\WINDOWS\RtlExUpd.dll
2010-02-18 15:22:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-18 15:22:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-18 15:22:14 ----D---- C:\Program Files\AMD
2010-02-18 15:22:12 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield
2010-02-18 15:21:55 ----HD---- C:\Program Files\DeviceVM
2010-02-18 15:21:42 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-18 15:21:42 ----D---- C:\Program Files\Gigabyte
2010-02-18 15:21:41 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-18 15:20:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2010-02-18 15:20:44 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2010-02-18 15:18:13 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-02-18 15:15:24 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-02-18 15:13:58 ----D---- C:\Program Files\MediaLooks
2010-02-18 15:13:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-02-18 15:13:53 ----D---- C:\Program Files\QuickTime Alternative
2010-02-18 15:13:45 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-02-18 15:13:45 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-02-18 15:13:45 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-02-18 15:13:45 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-02-18 15:13:44 ----A---- C:\WINDOWS\system32\unrar.dll
2010-02-18 15:13:43 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-02-18 15:13:43 ----A---- C:\WINDOWS\system32\x264vfw.dll
2010-02-18 15:13:43 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2010-02-18 15:13:43 ----A---- C:\WINDOWS\system32\huffyuv.dll
2010-02-18 15:13:42 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-02-18 15:13:42 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-02-18 15:13:42 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2010-02-18 15:13:42 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2010-02-18 15:13:42 ----A---- C:\WINDOWS\system32\dpl100.dll
2010-02-18 15:13:42 ----A---- C:\WINDOWS\system32\divx.dll
2010-02-18 15:13:41 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-02-18 15:13:41 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-02-18 15:13:40 ----D---- C:\Program Files\K-Lite Codec Pack
2010-02-18 15:13:40 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-02-18 15:13:40 ----D---- C:\Documents and Settings\Administrator\Application Data\Real
2010-02-18 15:13:33 ----D---- C:\Program Files\Foxit Software
2010-02-18 15:13:33 ----D---- C:\Documents and Settings\Administrator\Application Data\Foxit
2010-02-18 15:13:28 ----D---- C:\Program Files\CCleaner
2010-02-18 15:13:25 ----D---- C:\Program Files\Unlocker
2010-02-18 15:13:06 ----D---- C:\WINDOWS\Downloaded Installations
2010-02-18 15:13:01 ----D---- C:\Program Files\UPHClean
2010-02-18 15:12:57 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-02-18 15:12:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-18 15:12:39 ----D---- C:\Program Files\Java
2010-02-18 15:12:31 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2010-02-18 15:10:13 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-18 15:10:13 ----D---- C:\Program Files\MSBuild
2010-02-18 15:10:09 ----D---- C:\Program Files\Reference Assemblies
2010-02-18 15:09:55 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-18 15:09:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-18 15:09:46 ----D---- C:\Program Files\Common Files\ODBC
2010-02-18 15:09:46 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-18 15:09:42 ----RD---- C:\Program Files
2010-02-18 15:09:42 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-02-18 15:09:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-18 15:09:42 ----D---- C:\Program Files\Common Files
2010-02-18 15:09:34 ----A---- C:\WINDOWS\system32\uniime.dll
2010-02-18 15:09:20 ----A---- C:\WINDOWS\system32\c_g18030.dll
2010-02-18 15:09:19 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2010-02-18 15:09:19 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2010-02-18 15:09:19 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2010-02-18 15:09:19 ----A---- C:\WINDOWS\system32\kbdax2.dll
2010-02-18 15:09:19 ----A---- C:\WINDOWS\system32\kbd106n.dll
2010-02-18 15:09:19 ----A---- C:\WINDOWS\system32\kbd101.dll
2010-02-18 15:09:19 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2010-02-18 15:09:18 ----A---- C:\WINDOWS\system32\imjp81k.dll
2010-02-18 15:09:10 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
2010-02-18 15:09:10 ----RA---- C:\WINDOWS\system32\kbdarme.dll
2010-02-18 15:09:10 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2010-02-18 15:09:09 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
2010-02-18 15:09:08 ----RA---- C:\WINDOWS\system32\kbdintel.dll
2010-02-18 15:09:08 ----RA---- C:\WINDOWS\system32\kbdintam.dll
2010-02-18 15:09:08 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
2010-02-18 15:09:08 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
2010-02-18 15:09:08 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
2010-02-18 15:09:08 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
2010-02-18 15:09:08 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
2010-02-18 15:09:08 ----RA---- C:\WINDOWS\system32\kbdindev.dll
2010-02-18 15:09:08 ----A---- C:\WINDOWS\system32\c_iscii.dll
2010-02-18 15:09:07 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
2010-02-18 15:09:05 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
2010-02-18 15:09:05 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
2010-02-18 15:09:05 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
2010-02-18 15:09:04 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
2010-02-18 15:09:04 ----RA---- C:\WINDOWS\system32\kbdfa.dll
2010-02-18 15:09:04 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
2010-02-18 15:09:04 ----RA---- C:\WINDOWS\system32\kbda3.dll
2010-02-18 15:09:04 ----RA---- C:\WINDOWS\system32\kbda2.dll
2010-02-18 15:09:04 ----RA---- C:\WINDOWS\system32\kbda1.dll
2010-02-18 15:09:04 ----A---- C:\WINDOWS\system32\kbdusa.dll
2010-02-18 15:09:01 ----RA---- C:\WINDOWS\system32\kbdheb.dll
2010-02-18 15:08:54 ----RA---- C:\WINDOWS\system32\kbdth3.dll
2010-02-18 15:08:54 ----RA---- C:\WINDOWS\system32\kbdth2.dll
2010-02-18 15:08:54 ----RA---- C:\WINDOWS\system32\kbdth1.dll
2010-02-18 15:08:54 ----RA---- C:\WINDOWS\system32\kbdth0.dll
2010-02-18 15:08:54 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2010-02-18 15:08:53 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2010-02-18 15:08:52 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2010-02-18 15:08:52 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2010-02-18 15:08:51 ----A---- C:\WINDOWS\system32\msir3jp.dll
2010-02-18 15:08:35 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-02-18 15:08:30 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-02-18 15:08:29 ----A---- C:\WINDOWS\system32\kbd101a.dll
2010-02-18 15:08:15 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2010-02-18 15:08:15 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2010-02-18 15:08:15 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2010-02-18 15:07:47 ----A---- C:\WINDOWS\system32\c_is2022.dll
2010-02-18 15:07:46 ----A---- C:\WINDOWS\system32\kbdkor.dll
2010-02-18 15:07:46 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2010-02-18 15:07:46 ----A---- C:\WINDOWS\system32\kbd106.dll
2010-02-18 15:07:46 ----A---- C:\WINDOWS\system32\kbd103.dll
2010-02-18 15:07:46 ----A---- C:\WINDOWS\system32\kbd101c.dll
2010-02-18 15:07:46 ----A---- C:\WINDOWS\system32\kbd101b.dll
2010-02-18 15:07:44 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-02-18 15:07:44 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-02-18 15:07:44 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-02-18 15:07:43 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-02-18 15:07:42 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-02-18 15:07:42 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-02-18 15:07:42 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-02-18 15:07:42 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-02-18 15:07:42 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-02-18 15:07:42 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-02-18 15:07:42 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-02-18 15:07:41 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-02-18 15:07:41 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-02-18 15:07:41 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-02-18 15:07:41 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-02-18 15:07:41 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-02-18 15:07:39 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-02-18 15:07:36 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-18 15:07:36 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-18 15:07:36 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-02-18 15:07:36 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-02-18 15:07:35 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-02-18 15:07:34 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-02-18 15:07:34 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-02-18 15:07:34 ----A---- C:\WINDOWS\system32\batt.dll
2010-02-18 15:07:32 ----A---- C:\WINDOWS\system32\storprop.dll
2010-02-18 15:07:32 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-02-18 15:07:25 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-02-18 15:07:02 ----HD---- C:\Program Files\Uninstall Information
2010-02-18 15:06:52 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2010-02-18 15:06:51 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-02-18 15:06:33 ----D---- C:\WINDOWS\Prefetch
2010-02-18 15:06:32 ----SD---- C:\WINDOWS\system32\Microsoft
2010-02-18 15:06:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-18 15:05:15 ----RA---- C:\WINDOWS\SET4.tmp
2010-02-18 15:05:13 ----RA---- C:\WINDOWS\SET3.tmp
2010-02-18 15:05:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-18 15:05:09 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-18 15:05:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-18 15:04:38 ----A---- C:\WINDOWS\control.ini
2010-02-18 15:04:38 ----A---- C:\AUTOEXEC.BAT
2010-02-18 15:04:33 ----A---- C:\WINDOWS\system32\UNDO_GUIMODE.TXT
2010-02-18 15:04:18 ----D---- C:\WINDOWS\system32\dllcache
2010-02-18 15:03:52 ----RA---- C:\WINDOWS\system32\RtNicProp32.dll
2010-02-18 15:03:33 ----D---- C:\Documents and Settings
2010-02-18 15:03:32 ----SHD---- C:\System Volume Information
2010-02-18 15:03:29 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-18 15:03:27 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-18 15:03:21 ----HD---- C:\Program Files\WindowsUpdate
2010-02-18 15:03:06 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-18 15:02:52 ----A---- C:\WINDOWS\system32\desktop.ini
2010-02-18 15:02:52 ----A---- C:\WINDOWS\system32\atrace.dll
2010-02-18 15:02:52 ----A---- C:\WINDOWS\desktop.ini
2010-02-18 15:02:49 ----SD---- C:\WINDOWS\Tasks
2010-02-18 15:02:49 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-02-18 15:02:48 ----D---- C:\Program Files\Common Files\MSSoap
2010-02-18 15:02:45 ----RSH---- C:\boot.ini
2010-02-18 15:02:43 ----D---- C:\WINDOWS\srchasst
2010-02-18 15:02:42 ----D---- C:\WINDOWS\system32\Macromed
2010-02-18 15:02:39 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-02-18 15:02:39 ----A---- C:\WINDOWS\system32\wups.dll
2010-02-18 15:02:39 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-02-18 15:02:39 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-02-18 15:02:39 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-02-18 15:02:39 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-02-18 15:02:38 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-02-18 15:02:38 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-02-18 15:02:38 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-02-18 15:02:38 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-02-18 15:02:38 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-02-18 15:02:38 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-02-18 15:02:38 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-02-18 15:02:38 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-02-18 15:02:37 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-02-18 15:02:37 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-02-18 15:02:37 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-02-18 15:02:37 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-02-18 15:02:33 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-02-18 15:02:33 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-02-18 15:02:32 ----D---- C:\WINDOWS\system32\Restore
2010-02-18 15:02:32 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-02-18 15:02:32 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-02-18 15:02:32 ----A---- C:\WINDOWS\system32\srclient.dll
2010-02-18 15:02:32 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-02-18 15:02:32 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-02-18 15:02:31 ----A---- C:\WINDOWS\system32\mstask.dll
2010-02-18 15:02:31 ----A---- C:\WINDOWS\system32\isign32.dll
2010-02-18 15:02:31 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-02-18 15:02:31 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-02-18 15:02:31 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-02-18 15:02:26 ----D---- C:\Program Files\Common Files\System
2010-02-18 15:02:02 ----RSD---- C:\WINDOWS\assembly
2010-02-18 15:01:56 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-02-18 15:01:33 ----D---- C:\Program Files\ComPlus Applications
2010-02-18 15:01:31 ----A---- C:\WINDOWS\vbaddin.ini
2010-02-18 15:01:31 ----A---- C:\WINDOWS\vb.ini
2010-02-18 15:01:26 ----D---- C:\WINDOWS\Registration
2010-02-18 15:01:04 ----D---- C:\Program Files\Windows Media Player
2010-02-18 15:00:57 ----A---- C:\WINDOWS\system32\libpng13.dll
2010-02-18 15:00:56 ----A---- C:\WINDOWS\system32\libmmd.dll
2010-02-18 15:00:56 ----A---- C:\WINDOWS\system32\libintl3.dll
2010-02-18 15:00:56 ----A---- C:\WINDOWS\system32\libiconv2.dll
2010-02-18 15:00:55 ----A---- C:\WINDOWS\system32\libeay32.dll
2010-02-18 15:00:55 ----A---- C:\WINDOWS\system32\cygwinb19.dll
2010-02-18 15:00:54 ----A---- C:\WINDOWS\system32\zlib1.dll
2010-02-18 15:00:54 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-02-18 15:00:54 ----A---- C:\WINDOWS\system32\cygwin1.dll
2010-02-18 15:00:54 ----A---- C:\WINDOWS\system32\AutoItX3.dll
2010-02-18 15:00:54 ----A---- C:\WINDOWS\system32\atl70.dll
2010-02-18 15:00:53 ----A---- C:\WINDOWS\system32\vb40032.dll
2010-02-18 15:00:52 ----A---- C:\WINDOWS\system32\ssleay32.dll
2010-02-18 15:00:52 ----A---- C:\WINDOWS\system32\openal32.dll
2010-02-18 15:00:52 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-02-18 15:00:52 ----A---- C:\WINDOWS\system32\msvcr70.dll
2010-02-18 15:00:51 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-02-18 15:00:51 ----A---- C:\WINDOWS\system32\msvcp70.dll
2010-02-18 15:00:51 ----A---- C:\WINDOWS\system32\msvci70.dll
2010-02-18 15:00:51 ----A---- C:\WINDOWS\system32\msstkprp.dll
2010-02-18 15:00:51 ----A---- C:\WINDOWS\system32\msstdfmt.dll
2010-02-18 15:00:50 ----A---- C:\WINDOWS\system32\mfc70u.dll
2010-02-18 15:00:50 ----A---- C:\WINDOWS\system32\mfc70KOR.dll
2010-02-18 15:00:50 ----A---- C:\WINDOWS\system32\mfc70JPN.dll
2010-02-18 15:00:50 ----A---- C:\WINDOWS\system32\mfc70ITA.dll
2010-02-18 15:00:50 ----A---- C:\WINDOWS\system32\mfc70FRA.dll
2010-02-18 15:00:50 ----A---- C:\WINDOWS\system32\mfc70ESP.dll
2010-02-18 15:00:49 ----A---- C:\WINDOWS\system32\mfc70ENU.dll
2010-02-18 15:00:49 ----A---- C:\WINDOWS\system32\mfc70DEU.dll
2010-02-18 15:00:49 ----A---- C:\WINDOWS\system32\mfc70CHT.dll
2010-02-18 15:00:49 ----A---- C:\WINDOWS\system32\mfc70CHS.dll
2010-02-18 15:00:48 ----A---- C:\WINDOWS\system32\mfc71u.dll
2010-02-18 15:00:48 ----A---- C:\WINDOWS\system32\mfc71KOR.dll
2010-02-18 15:00:48 ----A---- C:\WINDOWS\system32\mfc71JPN.dll
2010-02-18 15:00:48 ----A---- C:\WINDOWS\system32\mfc71ITA.dll
2010-02-18 15:00:47 ----A---- C:\WINDOWS\system32\mfc71FRA.dll
2010-02-18 15:00:47 ----A---- C:\WINDOWS\system32\mfc71ESP.dll
2010-02-18 15:00:47 ----A---- C:\WINDOWS\system32\mfc71ENU.dll
2010-02-18 15:00:47 ----A---- C:\WINDOWS\system32\mfc71DEU.dll
2010-02-18 15:00:47 ----A---- C:\WINDOWS\system32\mfc71CHT.dll
2010-02-18 15:00:47 ----A---- C:\WINDOWS\system32\mfc71CHS.dll
2010-02-18 15:00:47 ----A---- C:\WINDOWS\system32\mfc71.dll
2010-02-18 15:00:46 ----A---- C:\WINDOWS\system32\ATL71.DLL
2010-02-18 15:00:45 ----A---- C:\WINDOWS\system32\mfc70.dll
2010-02-18 15:00:44 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2010-02-18 15:00:44 ----A---- C:\WINDOWS\system32\libssl32.dll
2010-02-18 15:00:38 ----A---- C:\WINDOWS\system32\msxml4r.dll
2010-02-18 15:00:37 ----A---- C:\WINDOWS\system32\WgaTray.exe.bak
2010-02-18 15:00:37 ----A---- C:\WINDOWS\system32\WgaTray.exe
2010-02-18 15:00:37 ----A---- C:\WINDOWS\system32\WgaLogon.dll.bak
2010-02-18 15:00:37 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2010-02-18 15:00:29 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-18 15:00:29 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-18 15:00:29 ----A---- C:\WINDOWS\system32\muweb.dll
2010-02-18 15:00:28 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-18 15:00:28 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-18 15:00:28 ----A---- C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
2010-02-18 15:00:21 ----D---- C:\WINDOWS\system32\PreInstall
2010-02-18 15:00:09 ----A---- C:\WINDOWS\system32\netfxperf.dll
2010-02-18 15:00:04 ----D---- C:\Program Files\Internet Explorer
2010-02-18 14:59:52 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-18 14:59:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-02-18 14:59:44 ----A---- C:\WINDOWS\system32\reset.exe
2010-02-18 14:59:44 ----A---- C:\WINDOWS\system32\getuname.dll
2010-02-18 14:59:44 ----A---- C:\WINDOWS\system32\charmap.exe
2010-02-18 14:59:44 ----A---- C:\WINDOWS\system32\calc.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\tskill.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\tscon.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\shadow.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\regini.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\msg.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\logoff.exe
2010-02-18 14:59:43 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-02-18 14:59:42 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-02-18 14:59:39 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-02-18 14:59:38 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-02-18 14:59:38 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-02-18 14:59:37 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-02-18 14:59:37 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-02-18 14:59:37 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-02-18 14:59:36 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-02-18 14:59:36 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-02-18 14:59:36 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-02-18 14:59:35 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-02-18 14:59:34 ----D---- C:\WINDOWS\system32\MsDtc
2010-02-18 14:59:34 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-02-18 14:59:34 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-02-18 14:59:34 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-02-18 14:59:34 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-02-18 14:59:34 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-02-18 14:59:34 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-02-18 14:59:33 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-02-18 14:59:33 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-02-18 14:59:33 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-02-18 14:59:33 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-02-18 14:59:33 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-02-18 14:59:33 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-02-18 14:59:33 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-02-18 14:59:32 ----D---- C:\WINDOWS\system32\Com
2010-02-18 14:59:32 ----A---- C:\WINDOWS\system32\stclient.dll
2010-02-18 14:59:32 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-02-18 14:59:32 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-02-18 14:59:32 ----A---- C:\WINDOWS\system32\colbact.dll
2010-02-18 14:59:32 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-02-18 14:59:32 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-02-18 14:59:32 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-02-18 14:59:31 ----A---- C:\WINDOWS\system32\comuid.dll
2010-02-18 14:59:31 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-02-18 14:59:31 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-02-18 14:59:31 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-02-18 14:59:31 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-02-18 14:59:25 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-02-18 14:59:25 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-02-18 14:59:25 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-02-18 14:59:25 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-02-18 14:58:58 ----SHD---- C:\WINDOWS\Installer
2010-02-18 14:58:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-18 14:58:58 ----RSD---- C:\WINDOWS\Fonts
2010-02-18 14:58:58 ----RD---- C:\WINDOWS\Web
2010-02-18 14:58:58 ----RD---- C:\WINDOWS\Offline Web Pages
2010-02-18 14:58:58 ----HD---- C:\WINDOWS\inf
2010-02-18 14:58:58 ----D---- C:\WINDOWS\WinSxS
2010-02-18 14:58:58 ----D---- C:\WINDOWS\WBEM
2010-02-18 14:58:58 ----D---- C:\WINDOWS\twain_32
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Temp
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\wins
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\wbem
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\usmt
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\spool
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\ShellExt
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\Setup
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\scripting
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\ras
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\npp
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\mui
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\IME
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\icsxml
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\ias
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\export
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\en-US
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\en
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\DRM
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\drivers
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\dhcp
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\config
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\3com_dmi
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\3076
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\2052
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\1054
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\1042
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\1041
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\1037
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\1033
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\1031
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\1028
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32\1025
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system32
2010-02-18 14:58:58 ----D---- C:\WINDOWS\system
2010-02-18 14:58:58 ----D---- C:\WINDOWS\security
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Resources
2010-02-18 14:58:58 ----D---- C:\WINDOWS\repair
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Provisioning
2010-02-18 14:58:58 ----D---- C:\WINDOWS\PeerNet
2010-02-18 14:58:58 ----D---- C:\WINDOWS\pchealth
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Network Diagnostic
2010-02-18 14:58:58 ----D---- C:\WINDOWS\mui
2010-02-18 14:58:58 ----D---- C:\WINDOWS\msapps
2010-02-18 14:58:58 ----D---- C:\WINDOWS\msagent
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Media
2010-02-18 14:58:58 ----D---- C:\WINDOWS\L2Schemas
2010-02-18 14:58:58 ----D---- C:\WINDOWS\java
2010-02-18 14:58:58 ----D---- C:\WINDOWS\ime
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Help
2010-02-18 14:58:58 ----D---- C:\WINDOWS\ehome
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Driver Cache
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Debug
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Cursors
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Connection Wizard
2010-02-18 14:58:58 ----D---- C:\WINDOWS\Config
2010-02-18 14:58:58 ----D---- C:\WINDOWS\AppPatch
2010-02-18 14:58:58 ----D---- C:\WINDOWS\addins
2010-02-18 14:58:58 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2010-02-18 15:09:40 ----A---- C:\WINDOWS\system.ini
2010-02-18 15:04:35 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-02-12 62848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-02-12 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-02-12 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-02-12 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-11 10276768]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-23 141568]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2009-02-12 32384]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-02-12 30336]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2009-02-12 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\WINDOWS\system32\drivers\bfturboh.sys [2008-07-22 17280]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-03 1389056]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-02-12 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-02-12 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-02-12 133632]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BCUService;Browser Configuration Utility Service; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-22 212232]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-10 153376]
R2 lxct_device;lxct_device; C:\WINDOWS\system32\lxctcoms.exe [2006-07-13 528384]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-12 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2010-03-12 23:48:40

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AIM 7-->C:\Program Files\AIM\uninst.exe
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x9
Borderlands-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}\setup.exe" -l0x9 -removeonly
Browser Configuration Utility-->"C:\Program Files\InstallShield Installation Information\{5B363E1D-8C36-4458-BAE4-D5081999E094}\setup.exe" -runfromtemp -l0x0009 -removeonly
BUFFALO TurboUSB for FLASH/HDD-->C:\WINDOWS\UN070618.EXE /UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EasySaver B9.0610.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07300F01-89CA-4CF8-92BD-2A605EB83C95}\setup.exe" -l0x9 -removeonly
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HashCheck Shell Extension (x86-32)-->regsvr32.exe /u /i /n "C:\WINDOWS\system32\ShellExt\HashCheck.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Mega Codec Pack 4.6.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Left 4 Dead 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/550
Lexmark 5400 Series-->C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1 Service Pack 1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Silverlight-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\MSSlight.inf,DefaultUninstall
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
Open Command Prompt Shell Extension (x86-32)-->regsvr32.exe /u /i /n "C:\WINDOWS\system32\ShellExt\CmdOpen.dll"
Paint.NET v3.5.4-->MsiExec.exe /X{053B3DA8-91B5-4682-A130-715412A1A252}
QuickTime Alternative 2.8.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Winrar 3.92-->C:\Program Files\Winrar\Uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Securitycenter WMI appears to be broken

======System event log======

Computer Name: ANONYMOUS
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 335
Source Name: Print
Time Written: 20100219140457.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ANONYMOUS
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x8007f0ea: Cumulative Security Update for Internet Explorer 7 for Windows XP (KB978207).

Record Number: 211
Source Name: Windows Update Agent
Time Written: 20100218210213.000000-480
Event Type: error
User:

Computer Name: ANONYMOUS
Event Code: 256
Message: Timed out sending notification of device interface change to window of "SAS window"

Record Number: 208
Source Name: PlugPlayManager
Time Written: 20100218210200.000000-480
Event Type: warning
User:

Computer Name: ANONYMOUS
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 197
Source Name: Fastfat
Time Written: 20100218210133.000000-480
Event Type: warning
User:

Computer Name: ANONYMOUS
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 38
Source Name: Print
Time Written: 20100218150959.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: ANONYMOUS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 558
Source Name: crypt32
Time Written: 20100306162820.000000-480
Event Type: error
User:

Computer Name: ANONYMOUS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 557
Source Name: crypt32
Time Written: 20100306142819.000000-480
Event Type: error
User:

Computer Name: ANONYMOUS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 556
Source Name: crypt32
Time Written: 20100306142818.000000-480
Event Type: error
User:

Computer Name: ANONYMOUS
Event Code: 1000
Message: Faulting application left4dead2.exe, version 0.0.0.0, faulting module tier0.dll, version 0.0.0.0, fault address 0x000057c5.

Record Number: 435
Source Name: Application Error
Time Written: 20100228174641.000000-480
Event Type: error
User:

Computer Name: ANONYMOUS
Event Code: 1000
Message: Faulting application hl2.exe, version 0.0.0.0, faulting module studiorender.dll, version 0.0.0.0, fault address 0x0003198a.

Record Number: 433
Source Name: Application Error
Time Written: 20100228164402.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-13 01:15:41
Windows 5.1.2600 Service Pack 3
Running: 2uzjz8eu.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgrcypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA1B790B0]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA119D6D0]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort2 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort3 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-12 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8B245A9A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{58DC9F6D-69A0-46d3-84EF-70AE0F108A07}@ThreadID 1269762688

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Edited by EricaT, 14 March 2010 - 01:34 AM.


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:24 AM

Posted 14 March 2010 - 02:39 AM

Hello, EricaT.
You're very welcome

We need to run TDSSKiller
  1. Download TDSSKiller and save it to your Desktop.
  2. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  3. Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks and do not include the word "Code") Then press OK.
    CODE
    "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\Desktop\TDSSKiller.txt" -v

    Note: If it says "Hidden service detected" DO NOT type anything in. Just press Enter.
  4. When it is done, a log file should be created on your desktop called "TDSSKiller.txt". Please copy and paste the contents of that file here.

In your next reply, please include the following:
  • TDSSKiller.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 EricaT

EricaT
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 14 March 2010 - 01:14 PM

I'm so sorry. I won't be able to run the test today. I will get to it tomorrow, if that's all right with you.

#6 aommaster

Posted 14 March 2010 - 01:21 PM

Sure is! Thanks for letting me know



#7 EricaT

Posted 15 March 2010 - 05:34 PM

Thanks for your understanding! Here is the TDSS.txt.


16:27:31:109 0332 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
16:27:31:109 0332 ================================================================================
16:27:31:109 0332 SystemInfo:

16:27:31:109 0332 OS Version: 5.1.2600 ServicePack: 3.0
16:27:31:109 0332 Product type: Workstation
16:27:31:109 0332 ComputerName: ANONYMOUS
16:27:31:109 0332 UserName: Administrator
16:27:31:109 0332 Windows directory: C:\WINDOWS
16:27:31:109 0332 Processor architecture: Intel x86
16:27:31:109 0332 Number of processors: 2
16:27:31:109 0332 Page size: 0x1000
16:27:31:109 0332 Boot type: Normal boot
16:27:31:109 0332 ================================================================================
16:27:31:125 0332 UnloadDriverW: NtUnloadDriver error 2
16:27:31:125 0332 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:27:31:140 0332 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
16:27:31:140 0332 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:27:31:140 0332 wfopen_ex: Trying to KLMD file open
16:27:31:140 0332 wfopen_ex: File opened ok (Flags 2)
16:27:31:140 0332 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
16:27:31:140 0332 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:27:31:140 0332 wfopen_ex: Trying to KLMD file open
16:27:31:140 0332 wfopen_ex: File opened ok (Flags 2)
16:27:31:140 0332 Initialize success
16:27:31:140 0332
16:27:31:140 0332 Scanning Services ...
16:27:31:562 0332 GetAdvancedServicesInfo: Raw services enum returned 327 services
16:27:31:562 0332
16:27:31:562 0332 Scanning Kernel memory ...
16:27:31:562 0332 Devices to scan: 5
16:27:31:562 0332
16:27:31:562 0332 Driver Name: Disk
16:27:31:562 0332 IRP_MJ_CREATE : B810EBB0
16:27:31:562 0332 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
16:27:31:562 0332 IRP_MJ_CLOSE : B810EBB0
16:27:31:562 0332 IRP_MJ_READ : B8108D1F
16:27:31:562 0332 IRP_MJ_WRITE : B8108D1F
16:27:31:562 0332 IRP_MJ_QUERY_INFORMATION : 804F4562
16:27:31:562 0332 IRP_MJ_SET_INFORMATION : 804F4562
16:27:31:562 0332 IRP_MJ_QUERY_EA : 804F4562
16:27:31:562 0332 IRP_MJ_SET_EA : 804F4562
16:27:31:562 0332 IRP_MJ_FLUSH_BUFFERS : B81092E2
16:27:31:562 0332 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
16:27:31:562 0332 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
16:27:31:562 0332 IRP_MJ_DIRECTORY_CONTROL : 804F4562
16:27:31:562 0332 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
16:27:31:562 0332 IRP_MJ_DEVICE_CONTROL : B81093BB
16:27:31:562 0332 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
16:27:31:562 0332 IRP_MJ_SHUTDOWN : B81092E2
16:27:31:562 0332 IRP_MJ_LOCK_CONTROL : 804F4562
16:27:31:562 0332 IRP_MJ_CLEANUP : 804F4562
16:27:31:562 0332 IRP_MJ_CREATE_MAILSLOT : 804F4562
16:27:31:562 0332 IRP_MJ_QUERY_SECURITY : 804F4562
16:27:31:562 0332 IRP_MJ_SET_SECURITY : 804F4562
16:27:31:562 0332 IRP_MJ_POWER : B810AC82
16:27:31:562 0332 IRP_MJ_SYSTEM_CONTROL : B810F99E
16:27:31:562 0332 IRP_MJ_DEVICE_CHANGE : 804F4562
16:27:31:562 0332 IRP_MJ_QUERY_QUOTA : 804F4562
16:27:31:562 0332 IRP_MJ_SET_QUOTA : 804F4562
16:27:31:593 0332 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
16:27:31:593 0332
16:27:31:593 0332 Driver Name: usbstor
16:27:31:593 0332 IRP_MJ_CREATE : A2AF0218
16:27:31:593 0332 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
16:27:31:593 0332 IRP_MJ_CLOSE : A2AF0218
16:27:31:593 0332 IRP_MJ_READ : A2AF023C
16:27:31:593 0332 IRP_MJ_WRITE : A2AF023C
16:27:31:593 0332 IRP_MJ_QUERY_INFORMATION : 804F4562
16:27:31:593 0332 IRP_MJ_SET_INFORMATION : 804F4562
16:27:31:593 0332 IRP_MJ_QUERY_EA : 804F4562
16:27:31:593 0332 IRP_MJ_SET_EA : 804F4562
16:27:31:593 0332 IRP_MJ_FLUSH_BUFFERS : 804F4562
16:27:31:593 0332 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
16:27:31:593 0332 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
16:27:31:593 0332 IRP_MJ_DIRECTORY_CONTROL : 804F4562
16:27:31:593 0332 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
16:27:31:593 0332 IRP_MJ_DEVICE_CONTROL : A2AF0180
16:27:31:593 0332 IRP_MJ_INTERNAL_DEVICE_CONTROL : A2AEB9E6
16:27:31:593 0332 IRP_MJ_SHUTDOWN : 804F4562
16:27:31:593 0332 IRP_MJ_LOCK_CONTROL : 804F4562
16:27:31:593 0332 IRP_MJ_CLEANUP : 804F4562
16:27:31:593 0332 IRP_MJ_CREATE_MAILSLOT : 804F4562
16:27:31:593 0332 IRP_MJ_QUERY_SECURITY : 804F4562
16:27:31:593 0332 IRP_MJ_SET_SECURITY : 804F4562
16:27:31:593 0332 IRP_MJ_POWER : A2AEF5F0
16:27:31:593 0332 IRP_MJ_SYSTEM_CONTROL : A2AEDA6E
16:27:31:593 0332 IRP_MJ_DEVICE_CHANGE : 804F4562
16:27:31:593 0332 IRP_MJ_QUERY_QUOTA : 804F4562
16:27:31:593 0332 IRP_MJ_SET_QUOTA : 804F4562
16:27:31:609 0332 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
16:27:31:609 0332
16:27:31:609 0332 Driver Name: Disk
16:27:31:609 0332 IRP_MJ_CREATE : B810EBB0
16:27:31:609 0332 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
16:27:31:609 0332 IRP_MJ_CLOSE : B810EBB0
16:27:31:609 0332 IRP_MJ_READ : B8108D1F
16:27:31:609 0332 IRP_MJ_WRITE : B8108D1F
16:27:31:609 0332 IRP_MJ_QUERY_INFORMATION : 804F4562
16:27:31:609 0332 IRP_MJ_SET_INFORMATION : 804F4562
16:27:31:609 0332 IRP_MJ_QUERY_EA : 804F4562
16:27:31:609 0332 IRP_MJ_SET_EA : 804F4562
16:27:31:609 0332 IRP_MJ_FLUSH_BUFFERS : B81092E2
16:27:31:609 0332 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
16:27:31:609 0332 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
16:27:31:609 0332 IRP_MJ_DIRECTORY_CONTROL : 804F4562
16:27:31:609 0332 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
16:27:31:609 0332 IRP_MJ_DEVICE_CONTROL : B81093BB
16:27:31:609 0332 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
16:27:31:609 0332 IRP_MJ_SHUTDOWN : B81092E2
16:27:31:609 0332 IRP_MJ_LOCK_CONTROL : 804F4562
16:27:31:609 0332 IRP_MJ_CLEANUP : 804F4562
16:27:31:609 0332 IRP_MJ_CREATE_MAILSLOT : 804F4562
16:27:31:609 0332 IRP_MJ_QUERY_SECURITY : 804F4562
16:27:31:609 0332 IRP_MJ_SET_SECURITY : 804F4562
16:27:31:609 0332 IRP_MJ_POWER : B810AC82
16:27:31:609 0332 IRP_MJ_SYSTEM_CONTROL : B810F99E
16:27:31:609 0332 IRP_MJ_DEVICE_CHANGE : 804F4562
16:27:31:609 0332 IRP_MJ_QUERY_QUOTA : 804F4562
16:27:31:609 0332 IRP_MJ_SET_QUOTA : 804F4562
16:27:31:609 0332 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
16:27:31:609 0332
16:27:31:609 0332 Driver Name: Disk
16:27:31:609 0332 IRP_MJ_CREATE : B810EBB0
16:27:31:609 0332 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
16:27:31:609 0332 IRP_MJ_CLOSE : B810EBB0
16:27:31:609 0332 IRP_MJ_READ : B8108D1F
16:27:31:609 0332 IRP_MJ_WRITE : B8108D1F
16:27:31:609 0332 IRP_MJ_QUERY_INFORMATION : 804F4562
16:27:31:609 0332 IRP_MJ_SET_INFORMATION : 804F4562
16:27:31:609 0332 IRP_MJ_QUERY_EA : 804F4562
16:27:31:609 0332 IRP_MJ_SET_EA : 804F4562
16:27:31:609 0332 IRP_MJ_FLUSH_BUFFERS : B81092E2
16:27:31:609 0332 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
16:27:31:609 0332 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
16:27:31:609 0332 IRP_MJ_DIRECTORY_CONTROL : 804F4562
16:27:31:609 0332 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
16:27:31:609 0332 IRP_MJ_DEVICE_CONTROL : B81093BB
16:27:31:609 0332 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
16:27:31:609 0332 IRP_MJ_SHUTDOWN : B81092E2
16:27:31:609 0332 IRP_MJ_LOCK_CONTROL : 804F4562
16:27:31:609 0332 IRP_MJ_CLEANUP : 804F4562
16:27:31:609 0332 IRP_MJ_CREATE_MAILSLOT : 804F4562
16:27:31:609 0332 IRP_MJ_QUERY_SECURITY : 804F4562
16:27:31:609 0332 IRP_MJ_SET_SECURITY : 804F4562
16:27:31:609 0332 IRP_MJ_POWER : B810AC82
16:27:31:609 0332 IRP_MJ_SYSTEM_CONTROL : B810F99E
16:27:31:609 0332 IRP_MJ_DEVICE_CHANGE : 804F4562
16:27:31:609 0332 IRP_MJ_QUERY_QUOTA : 804F4562
16:27:31:609 0332 IRP_MJ_SET_QUOTA : 804F4562
16:27:31:609 0332 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
16:27:31:609 0332
16:27:31:609 0332 Driver Name: atapi
16:27:31:609 0332 IRP_MJ_CREATE : 8B245A9A
16:27:31:609 0332 IRP_MJ_CREATE_NAMED_PIPE : 8B245A9A
16:27:31:609 0332 IRP_MJ_CLOSE : 8B245A9A
16:27:31:609 0332 IRP_MJ_READ : 8B245A9A
16:27:31:609 0332 IRP_MJ_WRITE : 8B245A9A
16:27:31:609 0332 IRP_MJ_QUERY_INFORMATION : 8B245A9A
16:27:31:609 0332 IRP_MJ_SET_INFORMATION : 8B245A9A
16:27:31:609 0332 IRP_MJ_QUERY_EA : 8B245A9A
16:27:31:609 0332 IRP_MJ_SET_EA : 8B245A9A
16:27:31:609 0332 IRP_MJ_FLUSH_BUFFERS : 8B245A9A
16:27:31:609 0332 IRP_MJ_QUERY_VOLUME_INFORMATION : 8B245A9A
16:27:31:609 0332 IRP_MJ_SET_VOLUME_INFORMATION : 8B245A9A
16:27:31:609 0332 IRP_MJ_DIRECTORY_CONTROL : 8B245A9A
16:27:31:609 0332 IRP_MJ_FILE_SYSTEM_CONTROL : 8B245A9A
16:27:31:609 0332 IRP_MJ_DEVICE_CONTROL : 8B245A9A
16:27:31:609 0332 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B245A9A
16:27:31:609 0332 IRP_MJ_SHUTDOWN : 8B245A9A
16:27:31:609 0332 IRP_MJ_LOCK_CONTROL : 8B245A9A
16:27:31:609 0332 IRP_MJ_CLEANUP : 8B245A9A
16:27:31:609 0332 IRP_MJ_CREATE_MAILSLOT : 8B245A9A
16:27:31:609 0332 IRP_MJ_QUERY_SECURITY : 8B245A9A
16:27:31:609 0332 IRP_MJ_SET_SECURITY : 8B245A9A
16:27:31:609 0332 IRP_MJ_POWER : 8B245A9A
16:27:31:609 0332 IRP_MJ_SYSTEM_CONTROL : 8B245A9A
16:27:31:609 0332 IRP_MJ_DEVICE_CHANGE : 8B245A9A
16:27:31:609 0332 IRP_MJ_QUERY_QUOTA : 8B245A9A
16:27:31:609 0332 IRP_MJ_SET_QUOTA : 8B245A9A
16:27:31:609 0332 Driver "atapi" infected by TDSS rootkit!
16:27:31:625 0332 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
16:27:31:625 0332 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
16:27:31:625 0332 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
16:27:31:625 0332 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
16:27:31:718 0332 vfvi6
16:27:31:750 0332 !dsvbh1
16:27:31:906 0332 dsvbh2
16:27:31:906 0332 fdfb2
16:27:31:906 0332 Backup copy found, using it..
16:27:31:906 0332 will be cured on next reboot
16:27:31:906 0332 Reboot required for cure complete..
16:27:31:968 0332 Cure on reboot scheduled successfully
16:27:31:968 0332
16:27:31:968 0332 Completed
16:27:31:968 0332
16:27:31:968 0332 Results:
16:27:31:968 0332 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
16:27:31:968 0332 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:27:31:968 0332 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:27:31:968 0332
16:27:31:968 0332 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
16:27:31:968 0332 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
16:27:31:968 0332 UnloadDriverW: NtUnloadDriver error 1
16:27:31:968 0332 KLMD_Unload: UnloadDriverW(klmd21) error 1
16:27:31:968 0332 KLMD(ARK) unloaded successfully
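
The pattern visible in the logs above, as an added example that is not part of the thread and not TDSSKiller's or GMER's own detection logic: the script parses the IRP dispatch tables from a TDSSKiller log, flags a driver whose entries all point to one address that no other driver uses, and cross-checks that address against GMER's `Device ->` line. The function names and the heuristic are assumptions made for illustration; the sample lines are abridged from the logs posted in this thread.

```python
import re

# Constructed sample: lines abridged from the TDSSKiller log posted above.
TDSS_SAMPLE = r"""
16:27:31:562 0332 Driver Name: Disk
16:27:31:562 0332 IRP_MJ_CREATE : B810EBB0
16:27:31:562 0332 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
16:27:31:562 0332 IRP_MJ_READ : B8108D1F
16:27:31:562 0332 IRP_MJ_QUERY_EA : 804F4562
16:27:31:593 0332 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
16:27:31:593 0332 Driver Name: usbstor
16:27:31:593 0332 IRP_MJ_CREATE : A2AF0218
16:27:31:593 0332 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
16:27:31:593 0332 IRP_MJ_READ : A2AF023C
16:27:31:593 0332 IRP_MJ_QUERY_EA : 804F4562
16:27:31:609 0332 Driver Name: atapi
16:27:31:609 0332 IRP_MJ_CREATE : 8B245A9A
16:27:31:609 0332 IRP_MJ_CREATE_NAMED_PIPE : 8B245A9A
16:27:31:609 0332 IRP_MJ_READ : 8B245A9A
16:27:31:609 0332 IRP_MJ_QUERY_EA : 8B245A9A
16:27:31:609 0332 Driver "atapi" infected by TDSS rootkit!
"""

# Constructed sample: two lines from the GMER "Devices" section posted above.
GMER_SAMPLE = r"""
Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8B245A9A
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d:\d{3}\s+\d{4}\s?(.*)$")   # timestamp + thread id prefix
DRIVER = re.compile(r"^Driver Name:\s*(\S+)")
IRP = re.compile(r"^(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]{8})$")
GMER_REDIRECT = re.compile(
    r"^Device\s+->\s+\\Driver\\(\S+)\s+(\S+)\s+([0-9A-Fa-f]{8})\s*$")


def parse_dispatch_tables(log_text):
    """Return [(driver_name, {irp_name: handler_address}), ...] in log order."""
    blocks = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        d = DRIVER.match(msg)
        if d:
            blocks.append((d.group(1), {}))   # the same driver may appear more than once
            continue
        i = IRP.match(msg)
        if i and blocks:
            blocks[-1][1][i.group(1)] = i.group(2).upper()
    return blocks


def single_handler_drivers(blocks, min_entries=4):
    """Heuristic (assumption): flag a driver when every dispatch entry is the
    same address and no other driver in the log uses that address. A driver
    whose entries are all the shared default handler is therefore not flagged."""
    findings = {}
    for name, table in blocks:
        addrs = set(table.values())
        if len(table) < min_entries or len(addrs) != 1:
            continue
        addr = next(iter(addrs))
        elsewhere = {a for other, t in blocks
                     if other.lower() != name.lower() for a in t.values()}
        if addr not in elsewhere:
            findings[name] = addr
    return findings


def gmer_redirects(gmer_text):
    """Return {driver: address} for GMER 'Device ->' lines."""
    out = {}
    for raw in gmer_text.splitlines():
        m = GMER_REDIRECT.match(raw.strip())
        if m:
            out[m.group(1).lower()] = m.group(3).upper()
    return out


def correlate(tdss_text, gmer_text):
    """Return [(driver, address, confirmed_by_gmer), ...] for flagged drivers."""
    flagged = single_handler_drivers(parse_dispatch_tables(tdss_text))
    redirects = gmer_redirects(gmer_text)
    return [(name, addr, redirects.get(name.lower()) == addr)
            for name, addr in sorted(flagged.items())]


if __name__ == "__main__":
    for name, addr, confirmed in correlate(TDSS_SAMPLE, GMER_SAMPLE):
        print(f"{name}: all dispatch entries -> {addr}; same address in GMER: {confirmed}")
```

Run against the full logs, the same check compares all 27 `IRP_MJ_*` entries per driver; `min_entries` only guards against truncated tables.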


#8 aommaster

Posted 15 March 2010 - 05:36 PM

Hello, EricaT.
We need to run a GMER scan
  1. Close all other open programs as there is a slight chance your computer will crash.
  2. Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  3. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  4. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  5. When the scan is complete, click Save and save the log onto your desktop.

NEXT:

We need to run an MBR scan
  1. Please download MBR.exe and save it to your root directory (usually C:\).
  2. Now click Start > Run and copy/paste the following text in the box that opens. Do not copy the word "code".
    CODE
    C:\mbr.exe -t
  3. Press enter.
  4. An mbr.log should be created in your root directory. Please post its contents in your next reply.

In your next reply, please include the following:
  • gmer.log
  • mbr.exe log



#9 EricaT

Posted 15 March 2010 - 06:38 PM

Here are the gmer and mbr logs.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 17:26:22
Windows 5.1.2600 Service Pack 3
Running: 2uzjz8eu.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgrcypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB09BB0B0]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB00CB6D0]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{58DC9F6D-69A0-46d3-84EF-70AE0F108A07}@ThreadID 1269906217

---- EOF - GMER 1.0.15 ----





Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


#10 aommaster

Posted 15 March 2010 - 06:40 PM

Hello, EricaT.
Looks good! How's your computer doing?

We need to run a Panda Active Scan
  1. Please go here to run Panda's ActiveScan
  2. Once you are on the Panda site click the Scan your PC button
  3. Click the big Scan Now button
  4. If it wants to install an ActiveX component allow it
  5. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  6. When download is complete, click on My Computer to start the scan
  7. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

In your next reply, please include the following:
  • ActiveScan Report



#11 EricaT

Posted 15 March 2010 - 06:51 PM

Yay! I've clicked dozens of Google search links with no redirects! Thank you so much! I'm just scanning the computer with the Panda active Scan.

#12 aommaster

Posted 15 March 2010 - 06:52 PM

Excellent!

I'll wait for the logs



#13 EricaT

Posted 15 March 2010 - 08:32 PM

The scan is taking a really long time. But I guess we have to be patient.

#14 aommaster

Posted 15 March 2010 - 08:39 PM

Hi!

Yes, the scan will take a while, since it will scan your whole computer for anything we may have missed



#15 EricaT

Posted 15 March 2010 - 09:29 PM

I went through the whole scan, but I wasn't able to find a button that allows me to save a log file. I downloaded the plugin and let it scan my computer. After the scan finished, a page comes up saying "Your computer is infected." I'm not sure what I did wrong.



