Securityessentials2010 / MultipleAV /xp sec tool 2010



#1 montpax


Posted 15 April 2010 - 09:51 PM

Rogue.Securityessentials2010 was the first problem
Now I have xp security tool 2010.
In addition I am having the browser hijacked (Mozilla).
I have been using Super Antispyware, rkill, Malwarebytes, Combi-fix, Root Repeal
and have not got a complete fix. Xp tool comes back and the browser is still hijacked.
I had a problem first using rkill and it is posted elsewhere in the forums.
An additional problem just arose. I go to open a program and it gives me the screen to choose a program to open with.

Thanks, Montpax


DDS (Ver_10-03-17.01) - NTFSx86
Run by Brad at 23:09:07.90 on Mon 12/31/2001
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.661 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Brad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pricecatcher.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [System Mechanic Startup Guard] "c:\program files\iolo\system mechanic 5 professional\StartupGuard.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\truein~1.lnk - c:\program files\e-color\true internet color\TICIcon.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102554211593
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} - hxxp://www.heathmanhotel.com/tourthehotelie/svideo3.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brad\applic~1\mozilla\firefox\profiles\lc56it7k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\brad\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npmozax.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npsnapfish.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2005-5-7 9344]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [2004-12-8 84529]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 66632]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2005-5-7 389504]
R2 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [2005-11-17 38176]
S0 pwsgfyl;pwsgfyl;c:\windows\system32\drivers\wgxkprc.sys --> c:\windows\system32\drivers\wgxkprc.sys [?]
S0 pxfoxqkk;pxfoxqkk;c:\windows\system32\drivers\qtejo.sys --> c:\windows\system32\drivers\qtejo.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\asushwio.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-1 38224]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2004-12-27 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2004-12-27 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2004-12-27 21081]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2004-12-20 48128]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 12872]
S3 SGUARD;SGUARD;c:\windows\system32\drivers\SGuard.sys [2006-6-16 28236]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-15 21:25:56 407680 ----a-w- C:\avastcleanr.exe
2010-04-13 17:58:18 126100 ----a-w- C:\MGlogs.zip
2010-04-13 17:21:33 77312 ----a-w- c:\windows\MBR.exe
2010-04-13 17:21:33 261632 ----a-w- c:\windows\PEV.exe
2010-04-11 20:56:52 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-11 19:08:02 120 ----a-w- c:\windows\Wmuwiperewehap.dat
2010-04-11 19:08:02 0 ----a-w- c:\windows\Gquriwepasuleb.bin
2010-03-31 23:45:42 0 d-----w- c:\docume~1\brad\applic~1\Facebook
2010-03-28 16:36:22 54156 ---ha-w- c:\windows\QTFont.qfn
2010-03-28 16:36:22 1409 ----a-w- c:\windows\QTFont.for
2010-03-18 04:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-18 04:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-09-09 03:33:28 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-08-12 08:57:20 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-08-12 08:56:20 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-05 09:11:47 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 18:55:28 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-06-25 18:36:08 517120 -c----w- c:\windows\system32\dllcache\mqsnap.dll
2009-06-25 18:36:08 225280 -c----w- c:\windows\system32\dllcache\mqoa.dll
2009-06-25 18:36:08 186880 -c----w- c:\windows\system32\dllcache\mqtrig.dll
2009-06-25 18:36:08 169472 -c----w- c:\windows\system32\dllcache\msmqocm.dll
2009-06-25 18:36:08 123392 -c----w- c:\windows\system32\dllcache\mqrtdep.dll
2009-06-22 11:49:23 19968 -c----w- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 11:49:23 117248 -c----w- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 11:49:04 4608 -c----w- c:\windows\system32\dllcache\mqsvc.exe
2009-06-16 14:55:16 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-06-12 11:50:54 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 11:50:53 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-06-10 14:21:48 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-05-12 10:00:21 0 d-----w- c:\windows\system32\KB905474
2009-05-07 15:44:00 344064 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-04-26 21:02:52 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-04-26 21:02:52 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-04-26 21:02:52 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-04-26 21:02:51 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-04-26 21:02:51 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-04-26 21:02:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-26 21:02:51 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-26 21:02:51 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-04-26 21:02:50 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-04-26 20:57:55 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-02-20 08:14:47 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-02-03 20:08:52 55808 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-01-19 22:31:20 31048 ----a-w- c:\windows\system32\drivers\point32.sys
2009-01-19 22:30:51 0 d-----w- c:\program files\Microsoft IntelliPoint
2009-01-19 22:30:01 0 d-----w- c:\program files\MSXML 6.0
2009-01-06 04:38:18 66048 ----a-w- c:\windows\ieResetIcons.exe
2009-01-05 07:11:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-01-05 06:58:54 0 d-----w- c:\program files\common files\Symantec Shared
2009-01-03 22:52:44 0 d-----w- C:\Runtime Software
2009-01-03 21:47:05 0 d-----w- C:\IObit
2009-01-03 10:21:09 0 d-----w- C:\DrvCareXP
2009-01-03 00:18:14 50688 ----a-w- C:\ATF-Cleaner.exe
2009-01-02 06:52:13 0 d-----w- C:\OnlineArmor
2009-01-02 04:42:51 0 d-----w- C:\SmitfraudFix
2009-01-02 04:12:39 991232 -c----w- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-02 04:12:39 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-02 04:12:39 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-01-02 04:12:39 267776 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-01-02 04:12:39 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-01-02 04:12:38 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-01-02 04:12:38 6066176 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-01-02 04:12:38 383488 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-02 04:12:38 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-02 04:06:14 0 d-----w- c:\windows\network diagnostic
2009-01-02 02:51:40 0 d-----w- C:\Downloads
2009-01-01 21:13:01 11254 ----a-w- c:\windows\system32\locate.com
2009-01-01 21:12:23 0 d-----w- C:\MGtools
2009-01-01 21:11:51 2389388 ----a-w- C:\MGtools.exe
2009-01-01 20:43:34 0 d-sha-r- C:\cmdcons
2009-01-01 20:42:37 98816 ----a-w- c:\windows\sed.exe
2009-01-01 20:42:37 161792 ----a-w- c:\windows\SWREG.exe
2009-01-01 16:45:36 0 d-----w- c:\windows\system32\NtmsData
2009-01-01 08:37:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-01-01 08:37:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 08:37:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 07:49:42 0 d-----w- c:\docume~1\brad\applic~1\Malwarebytes
2009-01-01 07:49:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-01 07:49:25 0 d-----w- c:\documents and settings\brad\Malwarebytes' Anti-Malware
2008-12-31 23:12:26 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-31 23:05:12 0 d-----w- c:\program files\SUPERAntiSpyware
2008-12-31 23:05:12 0 d-----w- c:\docume~1\brad\applic~1\SUPERAntiSpyware.com
2008-12-24 17:31:56 0 d-----w- c:\program files\CardPlayer
2008-12-24 17:31:56 0 d-----w- c:\docume~1\alluse~1\applic~1\CardPlayer
2008-12-17 21:46:44 0 d-----w- c:\program files\Conduit
2008-12-17 21:46:39 0 d-----w- c:\program files\The Hat
2008-12-16 12:47:51 351232 -c----w- c:\windows\system32\dllcache\winhttp.dll
2008-12-06 06:13:16 0 d-----w- c:\windows\cloudeight
2008-10-01 00:43:34 1286152 ----a-w- c:\windows\system32\msxml4.dll
2008-09-06 07:30:42 241704 -c----w- c:\windows\system32\dllcache\wgaLogon.dll
2008-09-06 07:29:58 917032 -c----w- c:\windows\system32\dllcache\WgaTray.exe
2008-08-30 04:06:44 1350664 ----a-w- c:\windows\system32\msxml6.dll
2008-08-29 09:21:52 0 d-----w- c:\windows\system32\CatRoot_bak
2008-08-15 22:37:18 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2008-07-07 20:32:22 253952 -c----w- c:\windows\system32\dllcache\es.dll
2008-06-24 16:23:05 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2008-06-20 17:41:10 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2008-06-20 10:44:38 138368 -c----w- c:\windows\system32\dllcache\afd.sys
2008-06-12 14:16:46 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2008-06-12 14:16:46 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2008-06-12 14:16:46 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2008-06-12 14:16:46 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2008-06-12 14:16:46 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll
2008-06-12 14:16:46 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2008-06-11 03:22:33 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2008-04-24 16:00:49 584192 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2008-03-27 08:12:54 151583 -c----w- c:\windows\system32\dllcache\msjint40.dll
2008-03-05 14:53:32 691545 ----a-w- c:\windows\unins000.exe
2008-03-05 14:53:32 2544 ----a-w- c:\windows\unins000.dat
2008-02-20 06:51:05 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll
2008-02-20 05:32:43 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2008-02-02 19:33:15 0 d-----r- c:\docume~1\brad\applic~1\Brother
2008-02-01 15:46:29 0 d-----w- c:\program files\Brownie
2008-02-01 15:45:42 81920 ------w- c:\windows\system32\BrWebIns.dll
2008-02-01 15:45:42 65536 ------w- c:\windows\system32\BRWEBUP.EXE
2008-02-01 15:45:42 188416 ------w- c:\windows\system32\Pdrvinst.dll
2008-02-01 15:45:42 0 d-----w- c:\program files\Brother
2007-12-21 01:56:43 0 d-----w- c:\docume~1\brad\applic~1\ZoomBrowser EX
2007-12-21 01:41:36 0 d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2007-12-21 01:38:39 0 d-----w- c:\program files\common files\Canon
2007-12-18 14:40:58 417792 -c--a-w- c:\windows\system32\dllcache\vbscript.dll
2007-12-18 09:51:35 179584 -c----w- c:\windows\system32\dllcache\mrxdav.sys
2007-12-04 20:45:51 0 d-----w- c:\program files\MSECache
2007-12-04 18:38:13 550912 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2007-11-13 03:49:25 0 d-----w- c:\program files\Shockwave.com
2007-11-02 00:56:09 0 d-----w- C:\Family PC 2
2007-10-29 22:43:03 1290752 -c----w- c:\windows\system32\dllcache\quartz.dll
2007-10-02 17:12:28 439296 ----a-w- c:\documents and settings\brad\GoToAssist_phone__317_en.exe
2007-09-17 20:40:48 0 d-----w- c:\documents and settings\brad\Contacts
2007-08-22 01:45:35 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2007-08-22 01:35:47 0 d-----w- c:\program files\PictureProject In Touch Downloader
2007-08-22 01:33:51 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2007-08-22 01:33:51 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2007-08-22 01:33:51 2179072 ----a-w- c:\windows\system32\mfc71d.dll
2007-08-22 01:33:50 974848 ----a-w- c:\windows\system32\mfc70.dll
2007-08-22 01:33:49 5709824 ----a-r- c:\windows\system32\NkNEFPlugin.dll
2007-08-22 01:33:29 180224 ----a-r- c:\windows\system32\Strato4.dll
2007-08-22 01:33:28 76800 ----a-r- c:\windows\system32\RedEye.dll
2007-08-22 01:33:28 180224 ----a-r- c:\windows\system32\picn1120.dll
2007-08-22 01:33:28 155648 ----a-r- c:\windows\system32\picn1020.dll
2007-08-22 01:33:28 110592 ----a-r- c:\windows\system32\RCSigProc.dll
2007-08-22 01:33:25 495616 ----a-r- c:\windows\system32\DRAGNKL1.dll
2007-08-22 01:33:25 0 d-----w- c:\program files\common files\muvee Technologies
2007-08-22 01:33:19 0 d-----w- c:\program files\Nikon
2007-08-22 01:33:10 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2007-08-22 01:27:44 0 d-----w- c:\program files\common files\Nikon
2007-08-15 16:27:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-07-06 12:46:59 95744 -c----w- c:\windows\system32\dllcache\mqsec.dll
2007-07-06 12:46:59 661504 -c----w- c:\windows\system32\dllcache\mqqm.dll
2007-07-06 12:46:59 48640 -c----w- c:\windows\system32\dllcache\mqupgrd.dll
2007-07-06 12:46:59 471552 -c----w- c:\windows\system32\dllcache\mqutil.dll
2007-07-06 12:46:59 47104 -c----w- c:\windows\system32\dllcache\mqdscli.dll
2007-07-06 12:46:59 177152 -c----w- c:\windows\system32\dllcache\mqrt.dll
2007-07-06 12:46:59 16896 -c----w- c:\windows\system32\dllcache\mqise.dll
2007-07-06 12:46:59 138240 -c----w- c:\windows\system32\dllcache\mqad.dll
2007-07-06 10:05:47 91776 -c----w- c:\windows\system32\dllcache\mqac.sys
2007-06-23 12:48:12 0 d-----w- c:\program files\Memeo
2007-06-23 12:48:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Tanagra
2007-06-23 12:46:46 615 ----a-w- c:\windows\setup.iss
2007-06-21 06:58:40 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2007-06-21 06:58:39 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2007-06-21 06:58:39 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2007-06-21 06:58:39 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2007-06-13 10:23:07 1033216 -c----w- c:\windows\system32\dllcache\explorer.exe
2007-05-16 15:12:15 85504 -c----w- c:\windows\system32\dllcache\wabimp.dll
2007-05-16 15:12:12 510976 -c----w- c:\windows\system32\dllcache\wab32.dll
2007-05-16 15:12:08 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2007-05-16 15:12:00 86528 -c----w- c:\windows\system32\dllcache\directdb.dll
2007-04-25 14:21:15 144896 -c----w- c:\windows\system32\dllcache\schannel.dll
2007-03-24 01:52:06 0 d-----w- c:\program files\common files\Real
2007-03-17 13:43:01 292864 -c----w- c:\windows\system32\dllcache\winsrv.dll
2007-03-08 15:36:28 577536 -c----w- c:\windows\system32\dllcache\user32.dll
2007-03-08 15:36:28 40960 -c----w- c:\windows\system32\dllcache\mf3216.dll
2007-03-08 13:47:48 1846656 -c----w- c:\windows\system32\dllcache\win32k.sys
2007-03-02 05:39:47 23392 ------w- c:\windows\system32\nscompat.tlb
2007-03-02 05:39:47 16832 ------w- c:\windows\system32\amcompat.tlb
2007-02-28 09:10:57 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2007-02-28 09:08:48 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2007-02-28 08:38:57 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2007-02-28 08:38:55 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2007-02-24 06:34:21 0 d-----w- c:\program files\SmartFTP Client 2.0
2007-02-24 06:34:05 0 d-----w- c:\program files\SmartFTP Client 2.0 Setup Files
2007-02-18 08:11:01 764868 -c----w- c:\windows\system32\dllcache\apph_sp.sdb
2007-02-18 08:11:01 217118 -c----w- c:\windows\system32\dllcache\apphelp.sdb
2007-02-18 08:11:01 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2007-02-18 08:10:35 0 d-----w- c:\program files\Windows Media Connect 2
2007-02-18 08:08:04 0 d-----w- c:\windows\system32\LogFiles
2007-02-17 00:29:36 0 d-----w- c:\program files\iPod
2007-02-09 11:10:35 574464 -c----w- c:\windows\system32\dllcache\ntfs.sys
2007-02-05 20:17:02 185344 -c----w- c:\windows\system32\dllcache\upnphost.dll
2007-01-19 19:53:04 51056 ------w- c:\windows\system32\sirenacm.dll
2006-12-26 13:07:23 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2006-12-26 13:07:23 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
2006-12-26 13:07:23 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
2006-12-26 13:07:23 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
2006-12-22 19:28:14 271360 ----a-w- c:\windows\system32\mscoree.dll
2006-12-19 21:52:18 134656 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2006-12-19 18:16:47 333824 -c----w- c:\windows\system32\dllcache\wiaservc.dll
2006-11-27 14:54:06 539136 -c----w- c:\windows\system32\dllcache\msftedit.dll
2006-11-27 14:54:06 433152 -c----w- c:\windows\system32\dllcache\riched20.dll
2006-11-21 18:24:11 3328 -c----w- c:\windows\system32\dllcache\qv2kux.sys
2006-11-21 18:24:11 3328 ------w- c:\windows\system32\drivers\qv2kux.sys
2006-11-16 21:54:55 23040 -c----w- c:\windows\system32\dllcache\fltmc.exe
2006-11-16 21:54:55 16896 -c----w- c:\windows\system32\dllcache\fltlib.dll
2006-11-16 21:54:55 128896 -c----w- c:\windows\system32\dllcache\fltmgr.sys
2006-11-03 23:17:23 0 d-----w- c:\documents and settings\brad\.housecall6.6
2006-11-02 08:28:24 0 d-----w- c:\program files\Trend Micro
2006-10-19 13:56:32 713216 -c----w- c:\windows\system32\dllcache\sxs.dll
2006-10-19 04:00:46 249856 ------w- c:\windows\system32\drmupgds.exe
2006-10-19 04:00:14 17408 ------w- c:\windows\system32\wpdshextautoplay.exe
2006-10-14 08:13:25 981760 -c----w- c:\windows\system32\dllcache\mfc42u.dll
2006-10-13 12:35:12 65536 -c----w- c:\windows\system32\dllcache\nwwks.dll
2006-10-13 12:35:12 142336 -c----w- c:\windows\system32\dllcache\nwprovau.dll
2006-10-13 10:23:15 163584 -c----w- c:\windows\system32\dllcache\nwrdr.sys
2006-10-12 13:54:18 57344 -c--a-w- c:\windows\system32\dllcache\agentdpv.dll
2006-10-12 13:54:18 42496 -c----w- c:\windows\system32\dllcache\agentdp2.dll
2006-10-12 11:54:07 256512 -c----w- c:\windows\system32\dllcache\agentsvr.exe
2006-10-09 21:59:58 1266688 ------w- c:\windows\system32\Redemption.dll
2006-10-09 21:59:56 0 d-----w- c:\program files\Recovery Toolbox for Outlook
2006-10-05 12:31:10 79872 ----a-w- c:\windows\system32\msxml6r.dll
2006-10-02 23:28:42 312128 ------w- c:\windows\system32\msdelta.dll
2006-09-29 04:13:26 95344 ------w- c:\windows\system32\WUDFCoinstaller.dll
2006-09-29 03:00:34 82944 ------w- c:\windows\system32\drivers\WudfRd.sys
2006-09-29 02:56:38 316416 ------w- c:\windows\system32\WUDFx.dll
2006-09-29 02:56:38 146432 ------w- c:\windows\system32\WudfHost.exe
2006-09-29 02:56:16 165376 ------w- c:\windows\system32\WudfPlatform.dll
2006-09-29 02:56:14 55808 ------w- c:\windows\system32\WudfSvc.dll
2006-09-29 02:55:50 77568 ------w- c:\windows\system32\drivers\WudfPf.sys
2006-09-19 23:44:04 15664 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys
2006-09-19 23:43:58 109360 ------w- c:\windows\system32\GEARAspi.dll
2006-09-18 14:15:52 851968 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2006-09-13 05:01:56 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2006-09-09 03:18:11 0 d-----w- c:\program files\ReflexiveArcade
2006-09-01 16:44:04 8798 ----a-w- c:\windows\system32\icrav03.rat
2006-08-25 15:45:58 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2006-08-22 11:05:26 498742 -c----w- c:\windows\system32\dllcache\dxmasf.dll
2006-08-21 16:52:08 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2006-08-17 12:28:27 723456 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2006-08-17 12:28:27 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2006-08-16 11:58:05 100352 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2006-08-16 09:37:30 225920 -c--a-w- c:\windows\system32\dllcache\tcpip6.sys
2006-08-14 10:34:41 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2006-07-27 13:24:46 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2006-07-26 20:24:44 0 d-----w- c:\documents and settings\brad\Shared
2006-07-26 20:24:42 0 d-----w- c:\documents and settings\brad\Incomplete
2006-07-26 20:23:24 0 d-----w- c:\documents and settings\brad\.limewire
2006-07-25 19:01:35 0 d-----w- c:\windows\Motive
2006-07-25 19:00:53 0 d-----w- c:\program files\Motive
2006-07-25 19:00:30 0 d-----w- c:\windows\system32\FinePointLib
2006-07-25 19:00:21 0 d-----w- c:\program files\Verizon Online
2006-07-25 18:57:03 0 d-----w- c:\program files\verizon
2006-07-14 15:31:39 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2006-07-14 15:25:57 546304 -c----w- c:\windows\system32\dllcache\hhctrl.ocx
2006-07-13 13:33:27 8454656 -c----w- c:\windows\system32\dllcache\shell32.dll
2006-07-05 10:55:01 986112 -c----w- c:\windows\system32\dllcache\kernel32.dll
2006-06-29 16:05:44 26112 ------w- c:\windows\system32\idndl.dll
2006-06-29 16:05:44 23552 ------w- c:\windows\system32\normaliz.dll
2006-06-29 01:59:26 24576 ------w- c:\windows\system32\nlsdl.dll
2006-06-26 17:37:10 8192 -c----w- c:\windows\system32\dllcache\rasadhlp.dll
2006-06-26 17:37:10 148992 -c--a-w- c:\windows\system32\dllcache\dnsapi.dll
2006-06-22 10:47:18 181248 -c----w- c:\windows\system32\dllcache\rasmans.dll
2006-06-22 05:06:30 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2006-06-22 05:06:29 69120 -c----w- c:\windows\system32\dllcache\ciodm.dll
2006-06-16 18:21:35 221700 ------w- c:\windows\system32\setup.inx
2006-06-16 18:21:00 9728 ------w- c:\windows\system32\drivers\filedisk.sys
2006-06-16 18:21:00 28236 ------w- c:\windows\system32\drivers\SGuard.sys
2006-06-14 09:00:45 82944 -c----w- c:\windows\system32\dllcache\wdmaud.sys
2006-06-14 08:47:46 6400 -c----w- c:\windows\system32\dllcache\splitter.sys
2006-06-14 08:47:45 172416 -c----w- c:\windows\system32\dllcache\kmixer.sys
2006-06-10 22:20:58 21504 -c----w- c:\windows\system32\dllcache\hidserv.dll
2006-06-10 22:20:58 21504 ------w- c:\windows\system32\hidserv.dll
2006-06-10 22:20:40 59264 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2006-06-10 22:20:40 59264 ------w- c:\windows\system32\drivers\USBAUDIO.sys
2006-06-09 14:37:47 221184 ------w- c:\windows\system32\wmpns.dll
2006-06-08 20:06:50 66384 ------w- c:\windows\system32\normnfkc.nls
2006-06-08 20:06:50 60294 ------w- c:\windows\system32\normnfkd.nls
2006-06-08 20:06:50 59342 ------w- c:\windows\system32\normidna.nls
2006-06-08 20:06:50 45794 ------w- c:\windows\system32\normnfc.nls
2006-06-08 20:06:50 39284 ------w- c:\windows\system32\normnfd.nls
2006-05-29 15:32:09 1509888 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2006-05-19 15:06:03 3069440 -c--a-w- c:\windows\system32\dllcache\mshtml.dll
2006-05-19 12:59:41 94720 -c----w- c:\windows\system32\dllcache\iphlpapi.dll
2006-05-19 12:59:41 111616 -c----w- c:\windows\system32\dllcache\dhcpcsvc.dll
2006-05-18 05:24:25 450560 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2006-05-09 11:41:31 18432 -c--a-w- c:\windows\system32\dllcache\iedw.exe
2006-05-05 09:47:57 174592 -c----w- c:\windows\system32\dllcache\rdbss.sys
2006-05-05 09:41:45 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2006-04-27 05:35:36 196608 ------w- c:\windows\system32\anfysave.scr
2006-04-27 05:35:11 0 d-----w- c:\program files\AnfyTeam
2006-04-20 11:51:50 360320 -c--a-w- c:\windows\system32\dllcache\tcpip.sys
2006-03-17 00:38:01 28672 ------w- c:\windows\system32\verclsid.exe
2006-02-07 08:17:59 176128 ------w- c:\windows\system32\NVUNINST.EXE
2006-02-07 08:17:57 0 d-----w- c:\program files\NVIDIA Corporation
2006-02-07 08:17:57 0 d-----w- c:\program files\common files\NVIDIA Shared
2006-02-07 08:16:30 0 d-----w- C:\NVIDIA
2006-02-07 08:02:28 3624765 ----a-w- c:\windows\AsusUpdt70401.zip
2006-02-07 07:18:57 4624 ------w- c:\windows\system32\nvaudio.nvu
2006-02-07 07:18:56 176128 ------w- c:\windows\system32\nvuaudio.exe
2006-01-25 01:30:06 520192 ------w- c:\windows\system32\ati2sgag.exe
2006-01-25 01:29:44 0 d-----w- c:\program files\ATI Technologies
2006-01-25 01:16:51 288 ----a-w- c:\windows\WININIT.INI
2006-01-15 08:16:28 44544 ------w- c:\windows\system32\msxml4a.dll
2006-01-15 08:16:28 33792 ------w- c:\windows\system32\CMDLGDE.DLL
2006-01-15 08:16:28 24576 ------w- c:\windows\system32\CMCT2DE.dll
2006-01-15 08:16:28 164144 ------w- c:\windows\system32\COMCT232.OCX
2006-01-15 08:16:28 152848 ------w- c:\windows\system32\Comdlg32.ocx
2006-01-15 08:16:28 112640 ------w- c:\windows\system32\CMCTLde.DLL
2006-01-14 07:00:21 0 d-----w- c:\documents and settings\brad\.housecall
2006-01-05 05:04:25 25552 ------w- c:\windows\system32\drivers\ativvpxx.vp
2006-01-05 03:41:42 110592 ------w- c:\windows\system32\atipdlxx.dll
2006-01-05 03:41:25 77824 ------w- c:\windows\system32\Oemdspif.dll
2006-01-05 03:41:18 26112 ------w- c:\windows\system32\Ati2mdxx.exe
2006-01-05 03:41:11 40960 ------w- c:\windows\system32\ati2edxx.dll
2006-01-05 03:40:59 61440 ------w- c:\windows\system32\ati2evxx.dll
2006-01-05 03:39:46 405504 ------w- c:\windows\system32\ati2evxx.exe
2006-01-05 03:39:21 53248 ------w- c:\windows\system32\ATIDDC.DLL
2006-01-05 03:20:05 6684672 ------w- c:\windows\system32\atioglx1.dll
2006-01-05 03:19:00 307200 ------w- c:\windows\system32\atiiiexx.dll
2006-01-05 03:11:38 151552 ------w- c:\windows\system32\atikvmag.dll
2006-01-05 03:10:58 17408 ------w- c:\windows\system32\atitvo32.dll
2006-01-05 03:10:15 40960 ------w- c:\windows\system32\drivers\ati2erec.dll
2006-01-05 03:01:34 4968448 ------w- c:\windows\system32\atioglxx.dll
2006-01-05 02:22:03 258048 ------w- c:\windows\system32\ATIDEMGR.dll
2005-12-22 22:44:29 112425 ------w- c:\windows\system32\atiicdxx.dat
2005-11-28 15:43:39 6024 ------w- c:\windows\system32\atifglpf.xml
2005-11-18 03:31:29 416 ----a-w- c:\windows\HPFCSS06.INI
2005-11-10 01:47:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2005-11-10 01:47:27 16 ----a-w- c:\windows\popcinfo.dat
2005-11-10 01:47:27 0 d-----w- c:\program files\PopCap Games
2005-10-27 18:36:00 0 d-----w- c:\program files\common files\Wise Installation Wizard
2005-10-12 17:05:09 929 ------w- c:\windows\system32\drivers\ativcaxx.vp
2005-10-12 17:05:09 1114674 ------w- c:\windows\system32\drivers\ativcaxx.cpa
2005-09-30 03:29:58 99965 ----a-w- c:\windows\UninstallFirefox.exe
2005-09-30 03:29:46 8056 ----a-w- c:\windows\mozver.dat
2005-09-18 22:37:19 0 d-----w- c:\program files\Maxis
2005-08-13 21:06:39 0 d-----w- c:\program files\Cute CD DVD Burner
2005-08-13 07:25:06 1536 ----a-w- c:\windows\stella.ini
2005-08-13 07:23:37 181760 ----a-w- c:\windows\Planet.scr
2005-08-13 07:23:32 0 d-----w- C:\planet20
2005-08-13 00:13:20 57240 ------w- c:\windows\system32\iolobtdfg.exe
2005-08-12 23:47:53 0 d-----w- c:\program files\common files\Kaspersky Lab
2005-08-09 03:03:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2005-08-03 06:56:27 3250 ------w- c:\windows\system32\wbem\Outlook_01c597f87869b8cc.mof
2005-08-03 00:00:53 17920 ------w- c:\windows\system32\mdimon.dll
2005-08-02 23:59:22 0 d-----w- c:\program files\Microsoft ActiveSync
2005-07-20 18:45:23 0 d-----w- c:\windows\pss
2005-07-20 07:17:02 524288 ----a-w- c:\windows\1008d_r2.bin
2005-07-20 07:17:02 40213 ----a-r- c:\windows\AWDFLASH.EXE
2005-07-20 07:16:53 424010 ----a-w- c:\windows\1008d_r2.zip
2005-07-19 04:01:09 64 ------w- c:\windows\system32\BurnData.bin
2005-07-19 03:58:18 94208 ----a-r- c:\windows\SM1bg.exe
2005-07-19 03:58:18 86106 ------w- c:\windows\system32\SM1un.exe
2005-07-19 03:58:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
2005-07-19 03:58:18 32896 ------w- c:\windows\system32\drivers\SM1fx_at.sys
2005-07-19 03:58:18 266240 ----a-r- c:\windows\SM1nint.exe
2005-07-19 03:58:18 12382 ------w- c:\windows\system32\SM1ui32.dll
2005-07-19 03:58:18 0 d-----w- c:\windows\DRIVERS
2005-07-19 03:58:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Napster
2005-07-19 03:45:58 0 d-----w- c:\program files\MSXML 4.0
2005-07-19 01:31:06 51328 -c----w- c:\windows\system32\dllcache\msdv.sys
2005-07-19 01:31:06 51328 ------w- c:\windows\system32\drivers\msdv.sys
2005-07-19 01:31:01 38912 -c----w- c:\windows\system32\dllcache\avc.sys
2005-07-19 01:31:01 38912 ------w- c:\windows\system32\drivers\avc.sys
2005-07-19 01:30:56 48128 -c----w- c:\windows\system32\dllcache\61883.sys
2005-07-19 01:30:56 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2005-07-19 01:24:38 920 ------w- c:\windows\system32\InstallUtil.InstallLog
2005-07-19 01:24:01 0 d-----w- c:\program files\Windows Media Connect
2005-07-19 00:01:31 0 d-----w- c:\windows\system32\URTTemp
2005-07-18 23:20:10 0 d-----w- c:\program files\Roxio
2005-07-18 23:19:00 0 d-----w- c:\program files\Sonic
2005-07-18 08:59:28 33376 ------w- c:\windows\system32\drivers\Pcouffin.sys
2005-07-18 08:57:54 0 d-----w- c:\program files\321Studios
2005-07-18 07:05:07 0 d-----w- C:\JVC
2005-07-18 06:20:44 0 d-----w- c:\windows\system32\PreInstall
2005-07-18 06:17:11 0 d-----w- c:\program files\Digital Photo Navigator 1.0
2005-07-18 06:15:57 0 d-----w- C:\MWASPI
2005-07-16 23:53:14 86016 ----a-w- c:\windows\unvise32.exe
2005-07-14 01:52:53 10 ------r- c:\windows\ABC3D.SN
2005-07-11 07:28:58 50 ----a-w- c:\windows\GunzLauncher.INI
2005-07-08 23:14:14 0 d-----w- c:\program files\MAIET
2005-07-08 05:05:05 69632 ------w- c:\windows\system32\lfgif13n.dll
2005-07-08 05:05:05 57344 ------w- c:\windows\system32\lfbmp13n.dll
2005-07-08 05:05:05 450560 ------w- c:\windows\system32\ltimg13n.dll
2005-07-08 05:05:05 401408 ------w- c:\windows\system32\lfcmp13n.dll
2005-07-08 05:05:05 206336 ------w- c:\windows\system32\ltefx13n.dll
2005-07-08 05:05:04 462848 ------w- c:\windows\system32\ltkrn13n.dll
2005-07-08 05:05:04 299008 ------w- c:\windows\system32\ltdis13n.dll
2005-07-08 05:05:04 163840 ------w- c:\windows\system32\ltfil13n.dll
2005-07-02 23:46:06 0 d-----w- c:\docume~1\brad\applic~1\.bittorrent
2005-06-22 19:08:12 0 d-----w- c:\program files\common files\EasyInfo
2005-06-19 08:59:01 0 d-----w- c:\program files\BitTorrent
2005-06-13 01:46:05 0 d-----w- c:\program files\GameSpy Arcade
2005-06-11 07:29:20 174 ----a-w- c:\documents and settings\brad\BFRemoteManager.ini
2005-06-11 07:29:17 6518 ----a-w- c:\documents and settings\brad\PlayerMenu.con
2005-06-11 07:29:17 0 ----a-w- c:\documents and settings\brad\Maps.con
2005-06-08 20:45:54 58560 ------w- c:\windows\system32\drivers\ativckxx.vp
2005-05-16 20:40:28 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap
2005-05-14 17:27:08 0 d-----w- c:\program files\Registrar Lite
2005-05-13 22:15:26 6 ----a-w- c:\documents and settings\brad\bfsm.pid
2005-05-07 15:45:38 7582 ------w- c:\windows\system32\drivers\incdrm.sys
2005-05-07 15:45:38 35965 ------w- c:\windows\UNMRW.cfg
2005-05-07 15:45:38 1069056 ------w- c:\windows\UNMRW.exe
2005-05-07 15:45:06 83592 ------w- c:\windows\NuNinst.cfg
2005-05-07 15:45:05 9344 ------w- c:\windows\system32\drivers\bsstor.sys
2005-05-07 15:45:05 389504 ------w- c:\windows\system32\drivers\bsudf.sys
2005-05-07 15:45:05 1159168 ------w- c:\windows\NuNinst.exe
2005-05-07 15:45:04 381466 ------w- c:\windows\BsUDF.tbl
2005-05-03 02:40:06 0 d-----w- c:\program files\DivX
2005-04-24 22:07:46 0 d-----w- C:\ATI
2005-03-10 03:12:38 9662 ----a-w- c:\windows\EPISME00.SWB
2005-03-01 19:28:24 0 d-----w- c:\docume~1\brad\applic~1\YAFSScreen
2005-03-01 19:28:19 0 d-----w- c:\program files\YAFSScreen
2005-02-28 19:17:16 0 ------w- c:\windows\system32\px.ini
2005-02-25 05:47:26 0 d-----w- c:\program files\Maxtor
2005-02-18 17:02:58 29 ----a-w- c:\windows\DEBUGSM.INI
2005-02-18 17:02:53 0 d-----w- c:\docume~1\brad\applic~1\Smart Panel
2005-02-10 01:32:13 0 d-----w- c:\program files\Microsoft Money 2005
2005-02-02 16:56:24 8704 -c----w- c:\windows\system32\dllcache\kbdjpn.dll
2005-02-02 16:56:24 8704 ------w- c:\windows\system32\kbdjpn.dll
2005-02-02 16:56:24 8192 -c----w- c:\windows\system32\dllcache\kbdkor.dll
2005-02-02 16:56:24 8192 ------w- c:\windows\system32\kbdkor.dll
2005-02-02 16:56:24 6144 -c----w- c:\windows\system32\dllcache\kbd106.dll
2005-02-02 16:56:24 6144 ------w- c:\windows\system32\kbd106.dll
2005-02-02 16:56:23 5632 -c----w- c:\windows\system32\dllcache\kbd103.dll
2005-02-02 16:56:23 5632 ------w- c:\windows\system32\kbd103.dll
2005-02-02 16:56:22 6144 -c----w- c:\windows\system32\dllcache\kbd101c.dll
2005-02-02 16:56:22 6144 -c----w- c:\windows\system32\dllcache\kbd101b.dll
2005-02-02 16:56:22 6144 ------w- c:\windows\system32\kbd101c.dll
2005-02-02 16:56:22 6144 ------w- c:\windows\system32\kbd101b.dll
2005-02-01 09:03:00 20640 ------w- c:\windows\system32\drivers\pxhelp20.sys
2005-01-29 20:16:12 0 ----a-w- c:\windows\VPC32.INI
2005-01-15 19:16:48 0 d-----w- c:\windows\speech
2005-01-15 19:16:44 0 d-----w- c:\windows\lhsp
2005-01-15 19:16:33 0 d-----w- c:\program files\Advanced Searchbar
2005-01-08 00:06:45 21840 ------w- c:\windows\system32\SIntfNT.dll
2005-01-08 00:06:45 17212 ------w- c:\windows\system32\SIntf32.dll
2005-01-08 00:06:45 12067 ------w- c:\windows\system32\SIntf16.dll
2005-01-08 00:04:21 25 ----a-w- c:\windows\SIERRA.INI
2004-12-27 21:21:00 69632 ------w- c:\windows\system32\mpvpxex.ax
2004-12-27 21:20:59 98304 ------w- c:\windows\system32\MpvpxSSE.dll
2004-12-27 21:20:59 102400 ------w- c:\windows\system32\MpvpxX86.dll
2004-12-27 21:20:59 102400 ------w- c:\windows\system32\MpvpxMMX.dll
2004-12-27 21:20:58 21081 ------w- c:\windows\system32\drivers\pixmcvv.sys
2004-12-27 21:20:55 90624 -c----w- c:\windows\system32\dllcache\kswdmcap.ax
2004-12-27 21:20:55 90624 ------w- c:\windows\system32\kswdmcap.ax
2004-12-27 21:20:54 61952 -c----w- c:\windows\system32\dllcache\kstvtune.ax
2004-12-27 21:20:54 61952 ------w- c:\windows\system32\kstvtune.ax
2004-12-27 21:20:54 53760 -c----w- c:\windows\system32\dllcache\vfwwdm32.dll
2004-12-27 21:20:54 53760 ------w- c:\windows\system32\vfwwdm32.dll
2004-12-27 21:20:51 43008 -c----w- c:\windows\system32\dllcache\ksxbar.ax
2004-12-27 21:20:51 43008 ------w- c:\windows\system32\ksxbar.ax
2004-12-27 20:44:49 28057 ------w- c:\windows\system32\drivers\pixmcva.sys
2004-12-27 20:38:20 45056 ------w- c:\windows\system32\Sc726dec.ax
2004-12-27 20:38:20 13239 ------w- c:\windows\system32\scg726.acm
2004-12-27 20:03:08 8096 ------w- c:\windows\system32\drivers\MASPINT.SYS
2004-12-27 20:03:08 4030 ------w- c:\windows\system\WINASPI.DLL
2004-12-27 20:03:08 30208 ------w- c:\windows\system32\WNASPI32.DLL
2004-12-27 20:03:08 291 ----a-w- c:\windows\msfsetup.ini
2004-12-27 20:03:08 2486 ------w- c:\windows\system\AS16POST.BIN
2004-12-27 19:52:28 32000 ------w- c:\windows\system32\drivers\pixmcvc.sys
2004-12-26 03:06:55 0 d-----w- c:\program files\common files\Vbox
2004-12-26 02:53:41 0 d-----w- c:\program files\Ping Plotter
2004-12-23 17:03:31 5632 ------w- c:\windows\system32\ptpusb.dll
2004-12-23 17:03:30 159232 ------w- c:\windows\system32\ptpusd.dll
2004-12-23 16:45:25 9856 ------w- c:\windows\system32\drivers\pfc.sys
2004-12-23 16:40:44 0 ----a-w- c:\windows\OpPrintServer.INI
2004-12-23 16:39:28 0 d-----w- c:\program files\Canon
2004-12-21 09:29:37 406 ------w- c:\windows\system32\ioloBootDefrag.cfg
2004-12-21 09:14:05 0 d-----w- C:\INCINERATE
2004-12-20 16:45:17 45056 ------w- c:\windows\system32\SAIKICK.dll
2004-12-20 16:45:17 45056 ------w- c:\windows\system32\SAIHOOK.dll
2004-12-20 16:45:15 26624 ------w- c:\windows\system32\drivers\SaiNtBus.sys
2004-12-20 16:45:15 14976 ------w- c:\windows\system32\drivers\SaiMini.sys
2004-12-20 16:45:12 0 d-----w- c:\program files\Saitek
2004-12-20 16:45:11 84992 ------w- c:\windows\system32\atl70.dll
2004-12-20 16:45:11 487424 ----a-w- c:\windows\system32\msvcp70.dll
2004-12-20 16:45:11 344064 ----a-w- c:\windows\system32\msvcr70.dll
2004-12-20 16:44:27 901120 ------w- c:\windows\system32\sai0464.dll
2004-12-20 16:44:20 48128 ------w- c:\windows\system32\drivers\SaiH0464.sys
2004-12-18 18:57:24 376 ----a-w- c:\windows\ODBC.INI
2004-12-18 18:57:23 0 d-----w- c:\program files\Symantec
2004-12-18 18:57:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2004-12-18 18:57:21 0 d-----w- c:\program files\NavNT
2004-12-17 22:03:47 702464 ------w- c:\windows\system32\Incinerator.dll
2004-12-17 22:03:46 25264 ------w- c:\windows\system32\smrgdf.exe
2004-12-14 02:43:05 0 d-----w- c:\docume~1\brad\applic~1\ATI MMC
2004-12-13 21:17:26 729088 ----a-w- c:\windows\iun6002.exe
2004-12-13 21:00:09 1031 ----a-w- c:\windows\eReg.dat
2004-12-13 20:47:55 34064 ------w- c:\windows\system32\lhacm.acm
2004-12-13 20:44:46 0 ----a-w- c:\windows\ATIMMC.INI
2004-12-13 20:44:21 0 d-----w- c:\docume~1\alluse~1\applic~1\ATI MMC
2004-12-13 20:42:34 0 d-----w- c:\program files\ATI Multimedia
2004-12-13 20:42:08 0 d-----w- c:\windows\system32\windows media
2004-12-13 20:42:01 0 d-----w- c:\windows\RegisteredPackages
2004-12-13 20:42:00 0 d--h--w- c:\windows\msdownld.tmp
2004-12-13 20:41:59 0 d-----w- c:\program files\Windows Media Components
2004-12-13 20:26:59 134112 ------w- c:\windows\system32\hpfmlc06.dll
2004-12-13 20:26:58 68700 ------w- c:\windows\system32\hpfcom06.dll
2004-12-13 20:26:58 56060 ------w- c:\windows\system32\hpfmem06.dll
2004-12-13 20:26:58 27164 ------w- c:\windows\system32\hpfiop06.dll
2004-12-13 20:26:56 0 d-----w- c:\program files\HP DeskJet 720C Series
2004-12-13 20:25:11 0 d-----w- C:\EPSONREG
2004-12-13 20:23:19 212480 ----a-w- c:\windows\pcdlib32.dll
2004-12-13 20:23:19 21 ----a-w- c:\windows\PI_setup.ini
2004-12-13 20:23:19 1706800 ------w- c:\windows\system32\gdiplus.dll
2004-12-13 20:21:48 96768 ----a-w- c:\windows\SlantAdj.dll
2004-12-13 20:21:48 73216 ----a-w- c:\windows\ADE.DLL
2004-12-13 20:21:48 72 ------w- c:\windows\system32\epDPE.ini
2004-12-13 20:21:48 3136 ----a-w- c:\windows\Ade001.bin
2004-12-13 20:21:37 0 d-----w- c:\program files\Smart Panel
2004-12-13 20:21:16 15104 -c----w- c:\windows\system32\dllcache\usbscan.sys
2004-12-13 20:21:16 15104 ------w- c:\windows\system32\drivers\usbscan.sys
2004-12-13 20:20:43 91648 ------w- c:\windows\system32\E_SAGSET.DLL
2004-12-13 20:20:39 75501 ------w- c:\windows\system32\EBPMON24.DLL
2004-12-13 20:20:39 64000 ------w- c:\windows\system32\ECBTEG.DLL
2004-12-13 20:20:39 182 ------w- c:\windows\system32\EBPPORT4.DAT
2004-12-13 20:20:38 34304 ------w- c:\windows\system32\EBPCHP.DLL
2004-12-13 20:20:24 131072 ------w- c:\windows\system32\Epcmlib.dll
2004-12-13 20:20:24 0 d-----w- c:\windows\EPSON CardMonitor Essential
2004-12-13 20:20:16 0 d-----w- c:\windows\EPSON PhotoStarter Essential
2004-12-13 20:20:02 46080 ------w- c:\windows\system32\escimgd.dll
2004-12-13 20:20:02 29696 ------w- c:\windows\system32\escwiad.dll
2004-12-13 20:20:02 22528 ------w- c:\windows\system32\esccmd.dll
2004-12-13 20:19:41 196 ----a-w- c:\windows\EPSON RX500 Installer.ini
2004-12-13 20:01:42 0 d-----w- c:\windows\system32\Color
2004-12-13 20:01:17 0 d-----w- c:\windows\Profiles
2004-12-13 20:00:36 0 d-----w- c:\documents and settings\brad\WINDOWS
2004-12-13 19:59:09 126976 ------w- c:\windows\system32\NVNFINST.DLL
2004-12-13 19:57:59 13568 ------w- c:\windows\system32\drivers\nv_agp.SYS
2004-12-13 19:57:38 0 d-----w- c:\program files\ASUS
2004-12-13 19:57:31 306688 ----a-w- c:\windows\IsUninst.exe
2004-12-12 17:17:27 26496 -c----w- c:\windows\system32\dllcache\usbstor.sys
2004-12-12 17:17:24 25856 -c----w- c:\windows\system32\dllcache\usbprint.sys
2004-12-12 17:17:24 25856 ------w- c:\windows\system32\drivers\usbprint.sys
2004-12-09 01:52:30 0 d-----w- c:\program files\MSN Apps
2004-12-09 01:40:37 0 d-----w- c:\windows\system32\appmgmt
2004-12-09 01:32:51 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2004-12-09 01:32:51 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2004-12-09 01:32:50 14848 -c----w- c:\windows\system32\dllcache\kbdhid.sys
2004-12-09 01:32:50 14848 ------w- c:\windows\system32\drivers\kbdhid.sys
2004-12-09 01:32:44 9600 -c----w- c:\windows\system32\dllcache\hidusb.sys
2004-12-09 01:32:44 9600 ------w- c:\windows\system32\drivers\hidusb.sys
2004-12-09 01:32:40 31616 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2004-12-09 01:32:40 31616 ------w- c:\windows\system32\drivers\usbccgp.sys
2004-12-09 01:27:44 7315 ------w- c:\windows\system32\javasup.vxd
2004-12-09 01:27:44 6550 ----a-w- c:\windows\jautoexp.dat
2004-12-09 01:27:44 46352 ----a-w- c:\windows\setdebug.exe
2004-12-09 01:27:44 139536 ------w- c:\windows\system32\javaee.dll
2004-12-09 01:27:41 113 ------w- c:\windows\system32\zonedon.reg
2004-12-09 01:27:41 113 ------w- c:\windows\system32\zonedoff.reg
2004-12-09 01:27:32 0 d--h--w- c:\windows\$hf_mig$
2004-12-09 01:19:49 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2004-12-09 01:19:49 0 d-----w- c:\windows\system32\SoftwareDistribution
2004-12-09 01:18:57 0 d-----w- c:\windows\system32\wbem\AutoRecover
2004-12-09 01:13:14 0 d-----w- c:\windows\ServicePackFiles
2004-12-09 01:12:08 2897920 ------w- c:\windows\system32\xpsp2res.dll
2004-12-09 01:11:41 0 d-----w- c:\windows\system32\ReinstallBackups
2004-12-09 01:11:24 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2004-12-09 01:10:16 0 d-----w- c:\windows\EHome
2004-12-09 01:03:30 0 d-s---w- c:\documents and settings\brad\UserData
2004-12-09 00:59:01 0 d-----w- c:\program files\Yahoo!
2004-12-09 00:59:00 0 d-----w- c:\program files\Winbond
2004-12-09 00:59:00 0 d-----w- c:\program files\Ventrilo
2004-12-09 00:58:59 0 d-----w- c:\program files\Teamspeak2_RC2
2004-12-09 00:58:59 0 d-----w- c:\program files\Spybot - Search & Destroy
2004-12-09 00:58:51 0 d-----w- c:\program files\Red Storm Entertainment
2004-12-09 00:58:50 0 d-----w- c:\program files\PIXELA
2004-12-09 00:58:49 0 d-----w- c:\program files\MSN Messenger
2004-12-09 00:58:47 0 d-----w- c:\program files\Managed DirectX (0901)
2004-12-09 00:58:47 0 d-----w- c:\program files\Lavasoft
2004-12-09 00:58:47 0 d-----w- c:\program files\iTunes
2004-12-09 00:58:47 0 d-----w- c:\program files\iolo
2004-12-09 00:58:46 0 d-----w- c:\program files\Foolish Entertainment
2004-12-09 00:58:46 0 d-----w- c:\program files\EPSON
2004-12-09 00:58:46 0 d-----w- c:\program files\E-Color
2004-12-09 00:58:46 0 d-----w- c:\program files\Belkin
2004-12-09 00:58:46 0 d-----w- c:\program files\AVPersonal
2004-12-09 00:58:46 0 d-----w- c:\program files\Atomic Clock Sync
2004-12-09 00:58:46 0 d-----w- c:\program files\America's Army
2004-12-09 00:58:46 0 d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2004-12-09 00:58:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2004-12-09 00:37:27 0 d-sh--w- c:\documents and settings\all users\DRM
2004-12-09 00:34:40 0 d-----w- c:\program files\common files\MSSoap
2004-12-09 00:32:56 0 d--h--w- c:\program files\WindowsUpdate
2004-12-09 00:32:56 0 d-----w- c:\program files\Online Services
2004-12-09 00:32:49 0 d-----w- c:\program files\Messenger
2004-12-09 00:32:35 0 d-----w- c:\program files\MSN Gaming Zone
2004-12-09 00:30:55 0 d-----w- c:\program files\Windows NT
2004-12-08 16:21:39 0 d-----w- c:\program files\common files\ODBC
2004-12-08 16:21:29 0 d-----w- c:\program files\common files\SpeechEngines
2004-12-08 16:20:48 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-08-05 09:11:47 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55:28 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:08:14 286720 ------w- c:\windows\system32\wmpdxm.dll
2009-06-26 15:59:38 668160 ------w- c:\windows\system32\wininet.dll
2009-06-26 15:59:14 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36:08 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36:08 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36:08 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36:08 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36:08 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36:08 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36:08 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36:08 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36:08 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36:08 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36:08 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36:08 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-22 11:49:23 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49:23 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49:04 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48:44 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55:16 82432 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:55:16 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-12 11:50:54 80896 ------w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50:53 76288 ------w- c:\windows\system32\telnet.exe
2009-06-10 14:21:48 84992 ------w- c:\windows\system32\avifil32.dll
2009-06-10 06:32:40 132096 ------w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42:37 655872 ------w- c:\windows\system32\mstscax.dll
2009-06-03 19:27:58 1290752 ------w- c:\windows\system32\quartz.dll
2009-05-07 15:44:00 344064 ------w- c:\windows\system32\localspl.dll
2009-04-17 09:58:57 1846656 ------w- c:\windows\system32\win32k.sys
2009-04-15 15:11:19 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-06 14:44:35 283648 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 10:20:34 723456 ------w- c:\windows\system32\lsasrv.dll
2009-02-09 10:20:34 399360 ------w- c:\windows\system32\rpcss.dll
2009-02-09 10:20:33 714752 ------w- c:\windows\system32\ntdll.dll
2009-02-09 10:20:33 616960 ------w- c:\windows\system32\advapi32.dll
2009-02-09 10:20:33 473088 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 10:20:32 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-06 17:24:35 2180480 ------w- c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14:03 110592 ------w- c:\windows\system32\services.exe
2009-02-06 16:54:36 35328 ------w- c:\windows\system32\sc.exe
2009-02-06 16:49:02 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-02-06 16:39:29 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-02-03 20:08:52 55808 ----a-w- c:\windows\system32\secur32.dll
2008-12-16 12:47:51 351232 ----a-w- c:\windows\system32\winhttp.dll
2008-12-11 11:57:21 333184 ------w- c:\windows\system32\drivers\srv.sys
2008-12-05 07:12:45 144896 ------w- c:\windows\system32\schannel.dll
2008-10-24 11:10:42 453632 ------w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01:36 283648 ----a-w- c:\windows\system32\gdi32.dll
2008-10-03 10:15:47 247326 ------w- c:\windows\system32\strmdll.dll
2008-09-04 16:42:02 1106944 ----a-w- c:\windows\system32\msxml3.dll
2008-08-14 09:51:43 138368 ------w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:32:22 253952 ------w- c:\windows\system32\es.dll
2008-06-24 16:23:05 74240 ----a-w- c:\windows\system32\mscms.dll
2008-06-20 17:41:10 245248 ------w- c:\windows\system32\mswsock.dll
2008-06-20 10:45:13 360320 ------w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 09:52:06 225920 ------w- c:\windows\system32\drivers\tcpip6.sys
2008-06-18 13:03:08 938496 ------w- c:\windows\system32\WMNetmgr.dll
2008-06-18 09:09:22 100864 ------w- c:\windows\system32\logagent.exe
2008-06-13 13:10:50 272128 ------w- c:\windows\system32\drivers\bthport.sys
2008-06-12 14:16:46 956928 ------w- c:\windows\system32\msdtctm.dll
2008-06-12 14:16:46 91648 ------w- c:\windows\system32\mtxoci.dll
2008-06-12 14:16:46 66560 ----a-w- c:\windows\system32\mtxclu.dll
2008-06-12 14:16:46 58880 ------w- c:\windows\system32\msdtclog.dll
2008-06-12 14:16:46 428032 ------w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:16:46 161792 ------w- c:\windows\system32\msdtcuiu.dll
2008-06-09 20:13:56 133848 ----a-w- c:\windows\fonts\Swkeys1.ttf
2008-06-09 20:13:54 14836 ----a-w- c:\windows\fonts\SWMacro.otf
2008-05-08 12:28:49 202752 ------w- c:\windows\system32\drivers\rmcast.sys
2008-04-11 18:50:43 683520 ----a-w- c:\windows\system32\inetcomm.dll
2008-03-27 08:12:54 151583 ------w- c:\windows\system32\msjint40.dll
2008-02-20 05:32:43 45568 ----a-w- c:\windows\system32\dnsrslvr.dll
2007-12-18 14:40:58 417792 ----a-w- c:\windows\system32\vbscript.dll
2007-12-18 09:51:35 179584 ------w- c:\windows\system32\drivers\mrxdav.sys
2007-12-04 18:38:13 550912 ------w- c:\windows\system32\oleaut32.dll
2007-11-13 10:25:53 20480 ------w- c:\windows\system32\drivers\secdrv.sys
2007-10-28 00:40:30 222720 ------w- c:\windows\system32\wmasf.dll
2007-06-13 10:23:07 1033216 ------w- c:\windows\explorer.exe
2007-04-18 16:12:23 2854400 ----a-w- c:\windows\system32\msi.dll
2007-03-17 13:43:01 292864 ----a-w- c:\windows\system32\winsrv.dll
2007-03-08 15:36:28 577536 ------w- c:\windows\system32\user32.dll
2007-03-08 15:36:28 40960 ------w- c:\windows\system32\mf3216.dll
2007-02-09 11:10:35 574464 ------w- c:\windows\system32\drivers\ntfs.sys
2007-02-05 20:17:02 185344 ------w- c:\windows\system32\upnphost.dll
2006-12-04 23:21:50 414720 ------w- c:\windows\system32\msscp.dll
2006-11-01 19:17:45 927504 ------w- c:\windows\system32\mfc40u.dll
2006-10-19 13:56:32 713216 ----a-w- c:\windows\system32\sxs.dll
2006-10-19 05:58:00 8704 ------w- c:\windows\system32\wdfmgr.exe
2006-10-19 05:58:00 8704 ------w- c:\windows\system32\uwdf.exe
2006-10-19 04:00:00 38528 ------w- c:\windows\system32\drivers\wpdusb.sys
2006-10-16 16:15:00 122880 ------w- c:\windows\system32\oledlg.dll
2006-10-14 08:13:25 981760 ------w- c:\windows\system32\mfc42u.dll
2006-10-13 12:35:12 65536 ------w- c:\windows\system32\nwwks.dll
2006-10-13 12:35:12 64000 ------w- c:\windows\system32\nwapi32.dll
2006-10-13 12:35:12 142336 ------w- c:\windows\system32\nwprovau.dll
2006-10-13 10:23:15 163584 ------w- c:\windows\system32\drivers\nwrdr.sys
2006-08-25 15:45:58 617472 ------w- c:\windows\system32\comctl32.dll
2006-08-22 11:05:26 498742 ------w- c:\windows\system32\dxmasf.dll
2006-08-21 12:21:06 16896 ------w- c:\windows\system32\fltlib.dll

============= FINISH: 23:10:27.93 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2001-12-31 23:17:37
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Brad\LOCALS~1\Temp\awldykod.sys


---- Devices - GMER 1.0.15 ----

Device -> \Driver\si3112r \Device\Harddisk0\DR0 87122AC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\si3112r.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Edited by montpax, 15 April 2010 - 10:17 PM.



 


#2 myrti

  • Malware Study Hall Admin

Posted 19 April 2010 - 10:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 montpax

  • Topic Starter
  • Members

Posted 20 April 2010 - 07:08 PM

Thanks for getting back to me


My browser is being hijacked and an extra tab comes up from time to time.
I can paste an address and get by with that.
Malwarebytes at that point finds nothing.

At random times "xp security tool 2010"
attacks. I run Malwarebytes and it solves that for a little while.


Other new problems accompanying this issue:
My clock/calendar is also reverting back in years, if that is connected in some way.
Occasionally I open Firefox and IE pops open as well.
I am also losing sound and need to reboot to get it back.


Regards, Montpax

The OTL is 1.04 MB and will not upload or post openly.

Any ideas? Can I email it directly?

----------------------------------------------------------------------------

OTL Extras logfile created on: 12/31/2001 11:17:50 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Brad\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 576.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.46 Gb Total Space | 5.20 Gb Free Space | 15.09% Space Free | Partition Type: NTFS
Drive D: | 76.33 Gb Total Space | 48.95 Gb Free Space | 64.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAMING-RIG
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-2000478354-113007714-725345543-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Documents and Settings\Brad\My Documents\Downloads\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Documents and Settings\Brad\My Documents\Downloads\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Documents and Settings\Brad\My Documents\Downloads\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\btdownloadgui.exe" = C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\ASUS\AsusUpdate\Update.exe" = C:\Program Files\ASUS\AsusUpdate\Update.exe:*:Enabled:ASUS Update -- (ASUSTek Computer Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 -- (SmartSoft Ltd.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}" = SST Programming Software
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0B53B71D-9E2F-42B8-9123-96354872D166}" = EPSON Photo Print
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{14FB1C47-B0F2-4DB6-B9C0-1A817862F9A3}" = ArcSoft Camera Suite 2.1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28ADA52D-B7AF-442C-8B7F-CEB9ECC28078}" = MMC81
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{426A8685-C7D0-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.0
"{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}" = DAO
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5AA18C57-381C-4C99-8FE6-5EB1CB0A5BC0}" = ImageMixer with VCD
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 3
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72D01427-57EC-4179-815C-18ED0D461107}" = ATI AVIVO Codecs
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client 2.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E8204A7B-6DC2-44D0-BBAE-0BC820D4AE14}" = SpadeClub Poker
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F5964827-67A0-4C50-92A6-CB11C2B8B052}" = Brother HL-2070N
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent 4.0.2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DVD X Rescue" = DVD X Rescue
"DVDXCopyPlatinum" = DVDXCopy Platinum 3.2.1
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InCD!UninstallKey" = Ahead InCD
"InstallShield_{28ADA52D-B7AF-442C-8B7F-CEB9ECC28078}" = ATI Multimedia Center 8.1.0.0
"InstallShield_{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}" = DAO
"iolo technologies' System Mechanic 5 Professional" = iolo technologies' System Mechanic 5 Professional
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Money2005b" = Microsoft Money 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"PingPlotter" = PingPlotter
"Planetairum Gold" = Planetairum Gold
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Recovery Toolbox for Outlook_is1" = Recovery Toolbox for Outlook 1.0
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Macromedia Flash Player 8
"Silent Package Run-Time Sample" = EPSON RX500 Reference Guide
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Smart Defrag_is1" = Smart Defrag 1.03
"SmartFTP Client 2.0 Setup Files" = SmartFTP Client 2.0 Setup Files (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.2
"The Hat_is1" = The Hat 2.3
"True Internet Color" = True Internet Color
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-113007714-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AlexWarp" = AlexWarp
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2010 11:30:16 PM | Computer Name = GAMING-RIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/20/2010 2:17:26 AM | Computer Name = GAMING-RIG | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a559e.

Error - 4/20/2010 2:57:58 AM | Computer Name = GAMING-RIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/20/2010 2:57:59 AM | Computer Name = GAMING-RIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/20/2010 9:21:00 AM | Computer Name = GAMING-RIG | Source = DefWatch | ID = 34048
Description = Failed to get virus definitions folder.

Error - 4/20/2010 9:21:08 AM | Computer Name = GAMING-RIG | Source = Norton AntiVirus | ID = 16711694
Description = Norton AntiVirus services failed to start. Virus definition file is
invalid. (CC001000)

Error - 4/20/2010 9:58:51 AM | Computer Name = GAMING-RIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/20/2010 9:58:51 AM | Computer Name = GAMING-RIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/1/2002 3:02:56 AM | Computer Name = GAMING-RIG | Source = DefWatch | ID = 34048
Description = Failed to get virus definitions folder.

Error - 1/1/2002 3:03:07 AM | Computer Name = GAMING-RIG | Source = Norton AntiVirus | ID = 16711694
Description = Norton AntiVirus services failed to start. Virus definition file is
invalid. (CC001000)

[ System Events ]
Error - 4/17/2010 12:35:59 PM | Computer Name = GAMING-RIG | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
0, function 1. Please contact your system vendor for technical assistance.

Error - 4/17/2010 7:49:43 PM | Computer Name = GAMING-RIG | Source = Service Control Manager | ID = 7023
Description = The Norton AntiVirus Client service terminated with the following
error: %%10

Error - 4/17/2010 7:49:48 PM | Computer Name = GAMING-RIG | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
0, function 1. Please contact your system vendor for technical assistance.

Error - 4/19/2010 12:27:11 AM | Computer Name = GAMING-RIG | Source = Service Control Manager | ID = 7023
Description = The Norton AntiVirus Client service terminated with the following
error: %%10

Error - 4/19/2010 12:27:12 AM | Computer Name = GAMING-RIG | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
0, function 1. Please contact your system vendor for technical assistance.

Error - 4/19/2010 12:31:47 AM | Computer Name = GAMING-RIG | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 0003bf11, parameter3
abf6097e, parameter4 00000000.

Error - 4/19/2010 9:27:43 AM | Computer Name = GAMING-RIG | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
0, function 1. Please contact your system vendor for technical assistance.

Error - 4/19/2010 9:27:52 AM | Computer Name = GAMING-RIG | Source = Service Control Manager | ID = 7023
Description = The Norton AntiVirus Client service terminated with the following
error: %%10

Error - 4/20/2010 9:21:13 AM | Computer Name = GAMING-RIG | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
0, function 1. Please contact your system vendor for technical assistance.

Error - 4/20/2010 9:21:16 AM | Computer Name = GAMING-RIG | Source = Service Control Manager | ID = 7023
Description = The Norton AntiVirus Client service terminated with the following
error: %%10


< End of report >

Edited by montpax, 20 April 2010 - 11:28 PM.
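The entries in the OTL Extras log above that stand out on a first read can be pulled out mechanically. The following is an added example, not part of the original post and not OTL's own code; the function name `triage` and the finding labels are assumptions made for illustration. It flags executable extensions mapped to a non-default ProgID, changed `[open]` commands, Security Center overrides and a disabled Windows Firewall profile.

```python
import re

# Excerpt of the OTL Extras log from the post above, embedded so this runs offline.
SAMPLE = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-2000478354-113007714-725345543-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"""

# Default ProgIDs for executable file types on Windows.
EXPECTED_PROGID = {".exe": "exefile", ".bat": "batfile", ".cmd": "cmdfile",
                   ".com": "comfile", ".pif": "piffile"}
SAFE_OPEN = '"%1" %*'  # default [open] command for those ProgIDs

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")
ASSOC_RE = re.compile(r"^(\.\w+) \[@ = ([^\]]*)\] -- (.*)$")
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')


def triage(log_text):
    """Return (kind, registry_key, detail) tuples in the order they appear."""
    findings, section, key = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section, key = m.group(1), None
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif section == "File Associations" and (m := ASSOC_RE.match(line)):
            ext, progid, target = m.groups()
            want = EXPECTED_PROGID.get(ext.lower())
            # An executable extension mapped to anything but its default
            # ProgID means launches are routed through another handler.
            if want and progid.lower() != want:
                findings.append(("assoc-hijack", key, f"{ext} -> {progid} ({target})"))
        elif section == "Shell Spawning" and (m := SPAWN_RE.match(line)):
            progid, verb, command = m.groups()
            if (verb == "open" and progid in EXPECTED_PROGID.values()
                    and command != SAFE_OPEN):
                findings.append(("open-cmd-changed", key, f"{progid}: {command}"))
        elif section == "Security Center Settings" and (m := VALUE_RE.match(line)):
            name, value = m.groups()
            if not key:
                continue
            # Override = 1 tells Security Center to stop monitoring that product class.
            if (key.endswith("\\Security Center") and value == "1"
                    and name in ("AntiVirusOverride", "FirewallOverride")):
                findings.append(("sc-override", key, name))
            elif "\\FirewallPolicy\\" in key and name == "EnableFirewall" and value == "0":
                findings.append(("firewall-off", key, key.rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for kind, key, detail in triage(SAMPLE):
        print(f"{kind:17} {detail}\n{'':17} {key}")
```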


#4 montpax

montpax
  • Topic Starter

  • Members
  • 12 posts

Posted 20 April 2010 - 07:11 PM


First part of OTL

too long



Attached Files


Edited by montpax, 20 April 2010 - 11:55 PM.


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 21 April 2010 - 04:59 AM

Hi,

could you please try to zip the file and attach it then?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!



#6 montpax

montpax
  • Topic Starter

  • Members
  • 12 posts

Posted 21 April 2010 - 09:49 AM

lol... I don't get out much. As many files as I have unzipped, I do not believe I have ever sent one zipped.... duh.... Always learning.

Thanks
montpax

Attached Files

  • Attached File  OTL.zip   102.63KB   11 downloads

Edited by montpax, 21 April 2010 - 09:50 AM.


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 21 April 2010 - 01:28 PM

Hi,

the date seems to be off, it is set to 2001. I would suggest that you reset the correct time.

Please also run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!



#8 montpax

montpax
  • Topic Starter

  • Members
  • 12 posts

Posted 21 April 2010 - 06:27 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-21 16:10:33
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Brad\LOCALS~1\Temp\awldykod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAE64C320]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF6C78A0C]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6742000, 0x22ABE7, 0xE8000020]
.rsrc C:\WINDOWS\System32\DRIVERS\kbdclass.sys entry point in ".rsrc" section [0xF7B6BE14]
init C:\WINDOWS\System32\Drivers\HPFECP06.SYS entry point in "init" section [0xABF498C0]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[152] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[152] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\Explorer.EXE[152] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0078000C
.text C:\WINDOWS\System32\svchost.exe[1328] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0106000A
.text C:\WINDOWS\System32\svchost.exe[1328] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 0105000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom BsUDF.SYS (UDF File System Driver (WindowsXP)/ahead software)
Device \FileSystem\Udfs \UdfsDisk BsUDF.SYS (UDF File System Driver (WindowsXP)/ahead software)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs BsUDF.SYS (UDF File System Driver (WindowsXP)/ahead software)
Device -> \Driver\si3112r \Device\Harddisk0\DR0 86F83AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\kbdclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\si3112r.sys suspicious modification

---- EOF - GMER 1.0.15 ----
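A GMER log like the one above is easier to read once its sections are cross-referenced. The following is an added example, not part of the original post and not GMER's own code; the function name `summarise` and the result keys are assumptions made for illustration. It lists drivers whose entry point sits in a data or resource section, drivers reported under Files as modified, the overlap between the two, and the user-mode inline hooks grouped by process.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the GMER log from the post above, embedded so this runs offline.
SAMPLE = r"""
---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF6C78A0C]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6742000, 0x22ABE7, 0xE8000020]
.rsrc C:\WINDOWS\System32\DRIVERS\kbdclass.sys entry point in ".rsrc" section [0xF7B6BE14]
init C:\WINDOWS\System32\Drivers\HPFECP06.SYS entry point in "init" section [0xABF498C0]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[152] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[152] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\Explorer.EXE[152] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[1328] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0078000C
.text C:\WINDOWS\System32\svchost.exe[1328] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0106000A
.text C:\WINDOWS\System32\svchost.exe[1328] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 0105000A

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\kbdclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\si3112r.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

# PE sections that hold data or resources rather than code.
DATA_SECTIONS = {".rsrc", ".data", ".rdata", ".reloc"}

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
ENTRY_RE = re.compile(r'^\S+\s+(.+?)\s+entry point in "([^"]+)" section')
HOOK_RE = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+([^\s!]+)!(\S+)\s+[0-9A-Fa-f]{8}"
                     r"\s+\d+ Bytes\s+JMP\s+[0-9A-Fa-f]{8}$")
FILE_RE = re.compile(r"^File\s+(.+?)\s+suspicious modification$")


def summarise(gmer_text):
    """Cross-reference the kernel, user-mode and file sections of a GMER log."""
    section = None
    entry_in_data, modified = [], []
    hooks = defaultdict(list)
    for raw in gmer_text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section == "Kernel code sections" and (m := ENTRY_RE.match(line)):
            # A driver entry point inside a resource/data section is unusual.
            if m.group(2).lower() in DATA_SECTIONS:
                entry_in_data.append(ntpath.basename(m.group(1)).lower())
        elif section == "User code sections" and (m := HOOK_RE.match(line)):
            image, pid, module, func = m.groups()
            proc = f"{ntpath.basename(image).lower()}[{pid}]"
            hooks[proc].append(f"{module}!{func}")
        elif section == "Files" and (m := FILE_RE.match(line)):
            modified.append(ntpath.basename(m.group(1)).lower())
    # Functions patched in more than one process point at one common injector.
    # Security software also installs inline hooks, so this is a reading aid only.
    seen = defaultdict(set)
    for proc, funcs in hooks.items():
        for func in funcs:
            seen[func].add(proc)
    return {
        "entry_in_data_section": entry_in_data,
        "modified_files": modified,
        "both": sorted(set(entry_in_data) & set(modified)),
        "hooks": dict(hooks),
        "shared_hooks": sorted(f for f, procs in seen.items() if len(procs) > 1),
    }


if __name__ == "__main__":
    for name, value in summarise(SAMPLE).items():
        print(f"{name}: {value}")
```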


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 24 April 2010 - 01:53 PM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!



#10 montpax

montpax
  • Topic Starter

  • Members
  • 12 posts

Posted 27 April 2010 - 11:35 AM

Thanks myrti

I changed all my bank info and will not use that PC until I reformat.
I also cleaned it up until I have time to re do it all.
Using Combi Fix it asked to re-start. At the windows Log On it froze and I shut down the PC after a few hours...
Consequently I did not have a combi log from that episode. I did combi fix again and here is that log.
My keyboard is not working now (F tabs work) and it bogs down at times even after cc and defragging.

I do not need to fix those issues now since I will be re-installing os...


Thanks again for all the help.

By the way... I am pretty sure that I was slimed at Youtube.
I had looked up specific Christian worship songs and clicked on a tab that listed a person's videos. They did not open and I tried some others also that did not open... Problems all came after that. Don't remember the song otherwise I would flag it if that is possible. I was using windows firewall at the time and Avast... I now have Online Armour and will make sure the updates come regularly. Hopefully that will guard me....

Regards,

montpax



ComboFix 10-04-21.01 - Brad 04/25/2010 13:46:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.656 [GMT -7:00]
Running from: c:\documents and settings\Brad\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 06:11 . 2010-04-25 06:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-04-25 05:42 . 2010-04-25 05:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-04-25 05:41 . 2010-04-25 05:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-04-25 05:27 . 2010-04-25 05:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-25 05:20 . 2010-04-25 05:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-04-23 04:09 . 2010-04-23 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-04-23 04:09 . 2010-04-23 04:09 -------- d-----w- c:\documents and settings\Brad\Application Data\OnlineArmor
2010-04-23 04:08 . 2010-04-20 11:13 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-04-23 04:08 . 2010-04-20 11:13 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-04-23 04:08 . 2010-04-20 11:13 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-04-23 04:08 . 2010-04-23 04:08 -------- d-----w- c:\program files\Tall Emu
2010-04-23 04:02 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-23 04:02 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-23 04:02 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-23 04:01 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-23 04:01 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-23 04:01 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-23 04:01 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-23 04:01 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-23 04:01 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-23 04:01 . 2010-04-23 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-22 02:08 . 2010-04-22 02:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-04-19 22:52 . 2010-04-19 22:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-17 19:35 . 2010-04-25 05:33 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-17 19:35 . 2010-04-17 19:35 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-17 15:39 . 2010-04-17 15:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2010-04-17 04:36 . 2010-04-17 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\VistaCodecs
2010-04-17 04:06 . 2010-04-17 04:06 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\PackageAware
2010-04-15 21:25 . 2010-04-15 21:25 407680 ----a-w- C:\avastcleanr.exe
2010-04-15 13:06 . 2010-04-15 13:06 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-14 10:55 . 2010-04-14 10:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-04-13 22:16 . 2010-04-17 19:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-13 17:58 . 2010-04-14 23:33 126100 ----a-w- C:\MGlogs.zip
2010-04-12 13:01 . 2010-04-12 13:01 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-04-11 19:08 . 2010-04-11 23:29 0 ----a-w- c:\windows\Gquriwepasuleb.bin
2010-04-11 19:08 . 2010-04-11 23:29 120 ----a-w- c:\windows\Wmuwiperewehap.dat
2010-04-06 03:24 . 2010-04-06 03:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-02 04:18 . 2010-04-02 04:18 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 04:18 . 2010-04-02 04:18 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\Apple
2010-04-02 04:18 . 2010-04-02 04:18 -------- d-----w- c:\program files\Apple Software Update
2010-04-02 04:18 . 2010-04-02 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-31 23:45 . 2010-03-31 23:45 50354 ----a-w- c:\documents and settings\Brad\Application Data\Facebook\uninstall.exe
2010-03-31 23:45 . 2010-03-31 23:45 -------- d-----w- c:\documents and settings\Brad\Application Data\Facebook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 00:02 . 2008-11-27 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-24 05:13 . 2004-12-09 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-23 04:01 . 2009-01-02 04:16 -------- d-----w- c:\program files\Alwil Software
2010-04-16 01:09 . 2009-01-01 08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 21:14 . 2009-01-01 21:11 2389388 ----a-w- C:\MGtools.exe
2010-04-15 00:25 . 2009-11-27 08:56 79488 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-14 21:30 . 2006-11-02 08:28 -------- d-----w- c:\program files\Trend Micro
2010-04-13 18:20 . 2008-12-31 23:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-13 18:18 . 2009-04-26 15:59 117760 ----a-w- c:\documents and settings\Brad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-11 20:56 . 2010-04-11 20:56 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-11 20:56 . 2009-01-31 17:31 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-10 16:19 . 2005-12-26 00:08 -------- d-----w- c:\program files\Google
2010-04-02 04:20 . 2004-12-09 00:58 -------- d-----w- c:\program files\QuickTime
2010-04-01 19:36 . 2007-12-21 01:56 -------- d-----w- c:\documents and settings\Brad\Application Data\ZoomBrowser EX
2010-04-01 19:36 . 2007-12-21 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-03-30 07:46 . 2009-01-01 08:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2009-01-01 08:37 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Brad\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Brad\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-14 06:02 . 2007-08-22 01:45 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-02-14 06:02 . 2007-08-22 01:33 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-02-06 22:16 . 2010-02-06 22:16 52224 ----a-w- c:\documents and settings\Brad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2003-08-27 21:19 . 2005-07-19 03:58 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-13 2010864]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]
"System Mechanic Startup Guard"="c:\program files\iolo\System Mechanic 5 Professional\StartupGuard.exe" [2004-08-30 730624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"vptray"="c:\program files\NavNT\vptray.exe" [2001-09-24 73728]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-8-21 118784]
True Internet Color Icon.lnk - c:\program files\E-Color\True Internet Color\TICIcon.exe [2004-12-13 221184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-07 17:46 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.sys

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5 Professional\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [5/7/2005 8:45 AM 9344]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [12/8/2004 8:46 AM 84529]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/22/2010 9:02 PM 162768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/22/2010 9:08 PM 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/22/2010 9:08 PM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/22/2010 9:08 PM 29560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/22/2010 9:02 PM 19024]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [5/7/2005 8:45 AM 389504]
R2 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [11/17/2005 8:27 PM 38176]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [4/22/2010 9:08 PM 1284600]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S0 pwsgfyl;pwsgfyl;c:\windows\system32\drivers\wgxkprc.sys --> c:\windows\system32\drivers\wgxkprc.sys [?]
S0 pxfoxqkk;pxfoxqkk;c:\windows\system32\drivers\qtejo.sys --> c:\windows\system32\drivers\qtejo.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 5:01 PM 135664]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/22/2010 9:08 PM 3364856]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [12/27/2004 12:52 PM 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [12/27/2004 1:44 PM 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [12/27/2004 2:20 PM 21081]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [12/20/2004 9:44 AM 48128]
S3 SGUARD;SGUARD;c:\windows\system32\drivers\SGuard.sys [6/16/2006 11:21 AM 28236]
.
Contents of the 'Scheduled Tasks' folder

2010-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-04-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-27 17:10]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:01]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:01]

2009-01-20 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

2010-04-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pricecatcher.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\lc56it7k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\Brad\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 13:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-25 13:55:49
ComboFix-quarantined-files.txt 2010-04-25 20:55
ComboFix2.txt 2010-04-14 23:30
ComboFix3.txt 2010-04-13 21:23
ComboFix4.txt 2010-04-13 17:47
ComboFix5.txt 2010-04-24 23:58

Pre-Run: 4,846,424,064 bytes free
Post-Run: 4,871,999,488 bytes free

- - End Of File - - F989CB30935A16CA65B7DCAFDF031928


#11 myrti

Posted 28 April 2010 - 08:30 AM

Hi,

At this point I'm not exactly sure what you want to do. If you are going to reformat, there is no need to continue cleaning the PC. Or would you like it to be cleaned?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#12 montpax


Posted 28 April 2010 - 08:51 AM

Sorry for the confusion. I will reformat and do not need further cleaning.

Thanks again for your help,

montpax

#13 myrti


Posted 29 April 2010 - 04:16 AM

Since this topic appears to be resolved, I will now close it. Thanks for letting me know.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti





