Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect


  • This topic is locked This topic is locked
15 replies to this topic

#1 jdrose1985

jdrose1985

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 25 June 2010 - 04:06 PM

Doing a little looking around I realized my computer was compromised via Google Images.

Seems the only way to get rid of it is by getting help here. I've already run through the prep guide and the GMER program is running on my computer now.

Thanks a bunch!

DDS (Ver_10-03-17.01) - NTFSx86
Run by best buy at 16:34:43.25 on Fri 06/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.393 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\best buy\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [EasyMode] "%ProgramFiles%\\ASUS\\Easy Mode\\Easy Mode.exe" --limitedUserImportRegister
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\bestbu~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: igdlogin - igdlogin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bestbu~1\applic~1\mozilla\firefox\profiles\qz0u8gmz.default\
FF - component: c:\documents and settings\best buy\application data\mozilla\firefox\profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\best buy\application data\mozilla\firefox\profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 ecfd;ecfd;c:\windows\system32\ecfd.sys [2010-6-21 80896]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-17 55152]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2009-8-17 5097632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-17 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-12 38912]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys --> c:\windows\system32\drivers\uvclf.sys [?]

=============== Created Last 30 ================

2010-06-25 19:07:34 0 d-sha-r- C:\cmdcons
2010-06-25 19:05:34 98816 ----a-w- c:\windows\sed.exe
2010-06-25 19:05:34 77312 ----a-w- c:\windows\MBR.exe
2010-06-25 19:05:34 256512 ----a-w- c:\windows\PEV.exe
2010-06-25 19:05:34 161792 ----a-w- c:\windows\SWREG.exe
2010-06-25 16:00:30 0 d-----w- c:\docume~1\bestbu~1\applic~1\Malwarebytes
2010-06-25 16:00:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-25 16:00:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 14:38:30 0 d-----w- c:\docume~1\bestbu~1\applic~1\QuickScan
2010-06-25 12:59:47 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-06-21 13:14:16 80896 ------w- c:\windows\system32\ecfd.sys

==================== Find3M ====================

2010-04-27 21:53:41 854 ----a-w- c:\docume~1\bestbu~1\applic~1\wklnhst.dat
2009-08-17 19:26:46 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-08-25 01:18:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-10-20 03:47:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009101920091020\index.dat

============= FINISH: 16:35:00.60 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-26 16:06:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\BESTBU~1\LOCALS~1\Temp\kwkyykob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\ecfd.sys The process cannot access the file because it is being used by another process.

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp ecfd.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat F6912D20

---- EOF - GMER 1.0.15 ----

Merged posts. ~ OB

Edited by Orange Blossom, 28 June 2010 - 10:55 PM.


BC AdBot (Login to Remove)

 


#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:07 PM

Posted 30 June 2010 - 03:17 PM

Hi jdrose1985,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - MBAM

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    safebootminimal
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 3 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 jdrose1985

jdrose1985
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 01 July 2010 - 08:01 PM

Hi, you're really nice to check into this for me.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4266

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/1/2010 8:52:24 PM
mbam-log-2010-07-01 (20-52-24).txt

Scan type: Quick scan
Objects scanned: 130539
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 7/1/2010 8:55:15 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\best buy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 393.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 126.30 Gb Free Space | 87.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-CQ5MXAE89R
Current User Name: best buy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\best buy\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\best buy\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (jwjdwrv) -- C:\WINDOWS\system32\drivers\fmadmt.sys ()
DRV - (ecfd) -- C:\WINDOWS\system32\ecfd.sys ()
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (AsUpIO) -- C:\WINDOWS\system32\drivers\AsUpIO.sys ()
DRV - (igd) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 08:49:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 08:49:05 | 000,000,000 | ---D | M]

[2010/01/07 22:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Mozilla\Extensions
[2010/06/27 22:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions
[2010/01/08 06:28:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/25 10:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/06/28 22:59:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/29 19:03:03 | 000,000,641 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [EasyMode] C:\Program Files\ASUS\Easy Mode\Easy Mode.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - Startup: C:\Documents and Settings\best buy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/17 14:09:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/17 14:09:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/30 09:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/29 19:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\My Documents\NeroVision
[2010/06/29 11:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\Nero
[2010/06/29 11:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/06/29 11:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/06/29 11:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/06/26 19:35:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/26 19:35:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/26 17:57:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/25 15:07:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/25 15:05:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/25 15:05:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/25 15:05:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/25 15:05:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/25 15:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/25 15:04:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/25 15:01:14 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/25 12:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\Malwarebytes
[2010/06/25 12:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/25 12:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/25 10:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\QuickScan
[2010/06/05 19:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Desktop\LHF Fonts
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/01 19:49:38 | 000,508,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/01 19:49:38 | 000,433,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/01 19:49:38 | 000,068,062 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/01 19:45:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 19:45:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/01 19:44:33 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\best buy\NTUSER.DAT
[2010/07/01 19:44:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\best buy\ntuser.ini
[2010/07/01 19:44:28 | 006,435,068 | -H-- | M] () -- C:\Documents and Settings\best buy\Local Settings\Application Data\IconCache.db
[2010/06/30 16:17:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 19:08:27 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\best buy\default.pls
[2010/06/29 19:03:03 | 000,000,641 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/29 11:08:09 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\best buy\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/06/29 11:08:09 | 000,002,352 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/06/27 22:08:05 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\fmadmt.sys
[2010/06/27 21:38:59 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/26 19:35:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 18:20:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/25 18:10:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/25 15:13:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/25 15:07:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/25 10:38:31 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\QuickScan Folder.lnk
[2010/06/21 13:17:57 | 000,265,959 | ---- | M] () -- C:\Documents and Settings\best buy\My Documents\09taxform.pdf
[2010/06/21 09:14:16 | 000,080,896 | ---- | M] () -- C:\WINDOWS\System32\ecfd.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/01 19:44:13 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010/06/29 19:08:27 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\best buy\default.pls
[2010/06/29 11:30:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 11:08:09 | 000,002,370 | ---- | C] () -- C:\Documents and Settings\best buy\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/06/29 11:08:09 | 000,002,352 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/06/27 22:08:05 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fmadmt.sys
[2010/06/26 19:35:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 15:07:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/25 15:07:36 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/25 15:05:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/25 15:05:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/25 15:05:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/25 15:05:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/25 15:05:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/25 10:38:30 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\QuickScan Folder.lnk
[2010/06/21 13:17:57 | 000,265,959 | ---- | C] () -- C:\Documents and Settings\best buy\My Documents\09taxform.pdf
[2010/06/21 09:14:16 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ecfd.sys
[2010/02/25 20:28:04 | 000,000,368 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/11/15 03:06:45 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/17 17:11:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/17 14:28:47 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/17 14:28:47 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/17 14:24:29 | 000,004,343 | ---- | C] () -- C:\WINDOWS\System32\lpgun.ini
[2009/08/17 14:24:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
[2009/08/17 13:51:32 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/11 12:45:00 | 001,048,576 | ---- | M] () -- C:\1101HA.ROM
[2010/02/18 23:24:18 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2009/08/17 14:09:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/20 00:01:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/25 15:07:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/25 15:15:52 | 000,009,376 | ---- | M] () -- C:\ComboFix.txt
[2009/08/17 14:09:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/17 14:09:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/17 14:09:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/01 19:45:25 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/17 06:58:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/17 06:58:41 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/17 06:58:41 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/27 22:08:05 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\fmadmt.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< End of report >


OTL Extras logfile created on: 7/1/2010 8:55:15 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\best buy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 393.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 126.30 Gb Free Space | 87.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-CQ5MXAE89R
Current User Name: best buy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{7FD7FB8C-2C75-4A8E-A236-EB23C5CD1033}" = Nero 8 Essentials
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DE168D-39C0-4378-BD45-C7D150DC5D0E}" = Easy Mode
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"ASUS VIBE" = ASUS VIBE
"Caesar 3 Demo" = Caesar 3 Demo
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"LPCO" = Intel® Graphics Media Accelerator 500
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PharaohDemo" = PharaohDemo
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PowerISO" = PowerISO
"Sierra Utilities" = Sierra Utilities
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2010 6:33:59 PM | Computer Name = YOUR-CQ5MXAE89R | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 3/13/2010 12:31:19 AM | Computer Name = YOUR-CQ5MXAE89R | Source = Application Error | ID = 1000
Description = Faulting application caesarivv110setup.exe, version 12.0.0.49974,
faulting module caesarivv110setup.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 3/13/2010 12:32:34 AM | Computer Name = YOUR-CQ5MXAE89R | Source = Application Error | ID = 1000
Description = Faulting application caesarivv110setup.exe, version 12.0.0.49974,
faulting module caesarivv110setup.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 3/13/2010 12:33:52 AM | Computer Name = YOUR-CQ5MXAE89R | Source = Application Error | ID = 1000
Description = Faulting application caesarivv110setup.exe, version 12.0.0.49974,
faulting module caesarivv110setup.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 3/13/2010 12:39:33 AM | Computer Name = YOUR-CQ5MXAE89R | Source = Application Error | ID = 1000
Description = Faulting application caesarivv110setup.exe, version 12.0.0.49974,
faulting module caesarivv110setup.exe, version 12.0.0.49974, fault address 0x0001e48b.

Error - 3/31/2010 10:48:00 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2010 10:45:50 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Application Hang | ID = 1002
Description = Hanging application googleearth.exe, version 5.1.3533.1731, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/12/2010 7:27:53 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2010 9:36:08 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1020, faulting module
asacpisvr.exe, version 6.1.1.1020, fault address 0x00009bd2.

Error - 5/28/2010 6:11:14 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1020, faulting module
asacpisvr.exe, version 6.1.1.1020, fault address 0x00009bd2.

[ System Events ]
Error - 6/27/2010 10:37:38 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2010 10:37:39 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2010 10:37:39 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2010 10:37:39 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2010 10:37:39 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2010 10:37:39 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2010 10:37:39 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2010 10:37:39 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2010 10:37:39 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2010 10:38:10 PM | Computer Name = YOUR-CQ5MXAE89R | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0025D35B6D4F. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >



#4 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:07 PM

Posted 02 July 2010 - 01:46 AM

Hi there,

Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#5 jdrose1985

jdrose1985
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 02 July 2010 - 10:01 PM

hey, here's the log, thank you again, i really appreciate it!

22:57:57:250 0832 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
22:57:57:250 0832 ================================================================================
22:57:57:250 0832 SystemInfo:

22:57:57:250 0832 OS Version: 5.1.2600 ServicePack: 3.0
22:57:57:250 0832 Product type: Workstation
22:57:57:250 0832 ComputerName: YOUR-CQ5MXAE89R
22:57:57:250 0832 UserName: best buy
22:57:57:250 0832 Windows directory: C:\WINDOWS
22:57:57:250 0832 System windows directory: C:\WINDOWS
22:57:57:250 0832 Processor architecture: Intel x86
22:57:57:250 0832 Number of processors: 2
22:57:57:250 0832 Page size: 0x1000
22:57:57:250 0832 Boot type: Normal boot
22:57:57:250 0832 ================================================================================
22:57:57:578 0832 Initialize success
22:57:57:578 0832
22:57:57:578 0832 Scanning Services ...
22:57:58:187 0832 Raw services enum returned 330 services
22:57:58:203 0832
22:57:58:203 0832 Scanning Drivers ...
22:57:58:765 0832 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:57:58:796 0832 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:57:58:843 0832 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:57:58:890 0832 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:57:59:125 0832 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
22:57:59:390 0832 AR5416 (d3e782ad9dca4d6215222a43345f43b0) C:\WINDOWS\system32\DRIVERS\athw.sys
22:57:59:609 0832 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
22:57:59:656 0832 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
22:57:59:703 0832 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:57:59:812 0832 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:57:59:843 0832 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:57:59:906 0832 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:58:00:015 0832 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:58:00:312 0832 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:58:00:359 0832 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:58:00:421 0832 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:58:00:546 0832 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:58:00:593 0832 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:58:00:671 0832 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:58:00:781 0832 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:58:00:843 0832 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:00:921 0832 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:58:01:078 0832 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:58:01:125 0832 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:58:01:218 0832 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:58:01:265 0832 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:58:01:312 0832 ecfd (501f6c4e56b373bd65d845594b98cd49) C:\WINDOWS\system32\ecfd.sys
22:58:01:312 0832 Suspicious file (NoAccess): C:\WINDOWS\system32\ecfd.sys. md5: 501f6c4e56b373bd65d845594b98cd49
22:58:01:375 0832 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:58:01:484 0832 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:58:01:531 0832 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:58:01:578 0832 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:58:01:625 0832 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:58:01:703 0832 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
22:58:01:781 0832 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:58:01:843 0832 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:58:01:937 0832 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:58:02:000 0832 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:58:02:093 0832 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:58:02:171 0832 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:58:02:250 0832 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:58:02:890 0832 igd (4a1e0f6367ff47f87cbe8a7ecf38b01d) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:58:03:171 0832 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:58:03:406 0832 IntcAzAudAddService (afa6853aa949b5e151e4a10f6805b5b2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:58:03:609 0832 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:58:03:625 0832 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:58:03:656 0832 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:58:03:671 0832 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:58:03:703 0832 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:58:03:828 0832 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:58:03:859 0832 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:58:03:906 0832 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:58:04:015 0832 jwjdwrv (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\fmadmt.sys
22:58:04:046 0832 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:58:04:093 0832 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
22:58:04:218 0832 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:58:04:265 0832 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:58:04:312 0832 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
22:58:04:406 0832 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:58:04:468 0832 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:58:04:546 0832 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
22:58:04:703 0832 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:58:04:750 0832 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:58:04:796 0832 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:58:04:921 0832 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:58:05:000 0832 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:58:05:140 0832 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:58:05:187 0832 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:58:05:203 0832 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:58:05:218 0832 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:58:05:265 0832 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:58:05:312 0832 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:58:05:390 0832 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:58:05:453 0832 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:58:05:531 0832 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:58:05:656 0832 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:58:05:703 0832 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:58:05:781 0832 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:58:05:859 0832 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:58:05:906 0832 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:58:05:921 0832 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:58:06:000 0832 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:58:06:078 0832 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:58:06:125 0832 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:58:06:281 0832 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:58:06:328 0832 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:58:06:343 0832 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:58:06:390 0832 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:58:06:531 0832 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:58:06:578 0832 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:58:06:593 0832 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:58:06:625 0832 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:58:06:750 0832 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:58:06:875 0832 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:58:06:906 0832 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:58:06:937 0832 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:58:07:078 0832 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:58:07:218 0832 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:58:07:343 0832 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:58:07:375 0832 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:58:07:390 0832 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:58:07:453 0832 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:58:07:562 0832 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:58:07:609 0832 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:58:07:671 0832 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:58:07:765 0832 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
22:58:07:796 0832 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:58:07:843 0832 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:58:07:937 0832 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:58:08:000 0832 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:58:08:062 0832 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:58:08:125 0832 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:58:08:234 0832 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
22:58:08:296 0832 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:58:08:375 0832 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:58:08:421 0832 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:58:08:625 0832 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:58:08:687 0832 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:58:08:796 0832 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:58:08:906 0832 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:58:08:921 0832 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:58:08:953 0832 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:58:09:031 0832 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:58:09:109 0832 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:58:09:171 0832 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:58:09:234 0832 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:58:09:281 0832 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:58:09:375 0832 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:58:09:453 0832 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:58:09:500 0832 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:58:09:593 0832 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:58:09:656 0832 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:58:09:781 0832 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:58:09:843 0832 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:58:09:906 0832 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:58:10:015 0832 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:58:10:125 0832 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:58:10:187 0832 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:58:10:218 0832 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:58:10:312 0832 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:58:10:390 0832 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:58:10:406 0832
22:58:10:406 0832 Completed
22:58:10:406 0832
22:58:10:406 0832 Results:
22:58:10:406 0832 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:58:10:406 0832 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:58:10:406 0832
22:58:10:421 0832 KLMD(ARK) unloaded successfully


#6 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:07 PM

Posted 02 July 2010 - 10:43 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#7 jdrose1985

jdrose1985
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 03 July 2010 - 12:13 AM

ComboFix 10-07-01.02 - best buy 07/03/2010 0:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.400 [GMT -4:00]
Running from: c:\documents and settings\best buy\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fmadmt.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_jwjdwrv
-------\Service_jwjdwrv


((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-07-01 23:44 . 2009-07-06 14:48 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys
2010-06-30 13:38 . 2010-06-30 13:38 -------- d-----w- c:\program files\MSXML 4.0
2010-06-29 15:06 . 2010-06-29 15:06 -------- d-----w- c:\documents and settings\best buy\Application Data\Nero
2010-06-29 15:03 . 2010-06-29 15:05 -------- d-----w- c:\program files\Common Files\Nero
2010-06-29 15:03 . 2010-06-29 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-06-29 15:03 . 2010-06-29 15:03 -------- d-----w- c:\program files\Nero
2010-06-26 23:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 23:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 19:01 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-25 16:00 . 2010-06-25 16:00 -------- d-----w- c:\documents and settings\best buy\Application Data\Malwarebytes
2010-06-25 16:00 . 2010-06-25 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 16:00 . 2010-06-26 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 14:38 . 2010-06-25 17:30 -------- d-----w- c:\documents and settings\best buy\Application Data\QuickScan
2010-06-25 14:38 . 2010-06-08 00:25 702120 ----a-w- c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-06-25 14:38 . 2010-06-08 00:25 868456 ----a-w- c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-06-21 13:14 . 2010-06-21 13:14 80896 ------w- c:\windows\system32\ecfd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 14:38 . 2010-02-17 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-28 02:36 . 2009-08-17 18:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-25 22:09 . 2009-08-17 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-22 15:50 . 2009-08-17 20:31 -------- d-----w- c:\program files\ASUS
2010-06-22 02:21 . 2009-08-17 19:05 -------- d-----w- c:\program files\Windows Live
2010-06-22 02:20 . 2009-08-17 18:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-22 02:20 . 2009-08-17 18:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-22 02:18 . 2009-08-17 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-24 04:39 . 2010-05-24 04:39 503808 ----a-w- c:\documents and settings\best buy\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-415d347d-n\msvcp71.dll
2010-05-24 04:39 . 2010-05-24 04:39 499712 ----a-w- c:\documents and settings\best buy\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-415d347d-n\jmc.dll
2010-05-24 04:39 . 2010-05-24 04:39 348160 ----a-w- c:\documents and settings\best buy\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-415d347d-n\msvcr71.dll
2010-05-12 22:42 . 2010-05-12 22:41 -------- d-----w- c:\program files\QuickTime
2010-05-12 22:41 . 2010-05-12 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-12 22:41 . 2010-05-12 22:41 -------- d-----w- c:\program files\Common Files\Apple
2010-05-12 22:40 . 2010-05-12 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-06 10:41 . 2009-08-17 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2009-08-17 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 21:53 . 2009-11-23 11:22 854 ----a-w- c:\documents and settings\best buy\Application Data\wklnhst.dat
2010-04-20 05:30 . 2009-08-17 17:51 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-25_19.13.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 04:46 . 2006-12-02 04:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2009-06-29 03:42 . 2009-06-29 03:42 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2010-06-29 15:09 . 2010-06-29 15:09 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2010-07-03 05:00 . 2010-07-03 05:00 16384 c:\windows\Temp\Perflib_Perfdata_598.dat
+ 2009-08-17 17:51 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2009-08-17 17:51 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2009-08-17 19:19 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2009-08-17 19:19 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2010-03-31 04:16 . 2010-03-31 04:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2009-08-17 17:51 . 2010-07-03 05:04 68062 c:\windows\system32\perfc009.dat
- 2009-08-17 17:51 . 2010-06-25 18:02 68062 c:\windows\system32\perfc009.dat
+ 2009-11-07 05:07 . 2009-11-07 05:07 49488 c:\windows\system32\netfxperf.dll
+ 2008-02-18 21:04 . 2008-02-18 21:04 95600 c:\windows\system32\NeroCo.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-04-14 05:42 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2003-04-18 20:29 . 2003-04-18 20:29 82432 c:\windows\system32\msxml4r.dll
+ 2009-08-17 17:51 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2009-08-17 17:51 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2009-08-17 17:51 . 2008-04-14 12:00 11264 c:\windows\system32\msrle32.dll
+ 2009-03-08 08:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
- 2009-08-17 17:51 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 05:41 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2006-12-19 14:30 . 2006-12-19 14:30 81920 c:\windows\system32\IoctlSvc.exe
+ 2009-11-07 08:10 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-11-07 08:10 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 05:42 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-08-17 17:51 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2009-08-17 17:51 . 2008-04-14 12:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-08-17 17:51 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
- 2009-11-07 08:10 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-11-07 08:10 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-17 17:51 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 05:41 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-08-17 17:51 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-08-17 17:51 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2009-08-17 17:51 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-08-17 17:51 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-08-17 17:51 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2009-08-17 17:51 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2009-08-17 17:51 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
- 2009-08-17 17:51 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
+ 2009-08-17 17:51 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
+ 2009-08-17 17:51 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-06-30 13:38 . 2010-06-30 13:38 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-06-25 22:08 . 2010-06-25 22:08 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-12-04 00:35 . 2009-12-04 00:35 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-08-17 19:24 . 2010-06-25 22:09 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-17 19:24 . 2009-12-10 08:01 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-17 19:24 . 2010-06-25 22:09 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-17 19:24 . 2009-12-10 08:01 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-08-17 19:24 . 2010-06-25 22:09 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-08-17 19:24 . 2009-12-10 08:01 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-12-04 00:35 . 2009-12-04 00:35 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-25 22:08 . 2010-06-25 22:08 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-30 13:38 . 2010-06-30 13:38 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2009-11-15 07:05 . 2009-11-15 07:05 49152 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\LiveUpdate.exe_159D431DD2094A75A6EE2B7624A40520.exe
+ 2009-11-15 07:05 . 2010-07-01 23:44 49152 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\LiveUpdate.exe_159D431DD2094A75A6EE2B7624A40520.exe
- 2009-11-15 07:05 . 2009-11-15 07:05 45056 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\Help.exe_93534D1C82624E1CB79EB496AFE18AB9.exe
+ 2009-11-15 07:05 . 2010-07-01 23:44 45056 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\Help.exe_93534D1C82624E1CB79EB496AFE18AB9.exe
- 2009-11-15 07:05 . 2009-11-15 07:05 10134 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\ARPPRODUCTICON.exe
+ 2009-11-15 07:05 . 2010-07-01 23:44 10134 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\ARPPRODUCTICON.exe
+ 2008-10-25 13:18 . 2008-10-25 13:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 13:18 . 2008-10-25 13:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2010-06-25 21:58 . 2009-12-21 19:14 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-25 21:58 . 2009-12-21 19:14 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-25 21:58 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\b0466a8b0f5b6df9fab6b7fefe0fda8e\WindowsLiveWriter.ni.exe
+ 2010-06-26 00:19 . 2010-06-26 00:19 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c7efbdde7f76cf759df2caee7260a2fa\WindowsLive.Writer.Api.ni.dll
+ 2010-06-25 22:10 . 2010-06-25 22:10 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-06-26 00:24 . 2010-06-26 00:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-26 00:20 . 2010-06-26 00:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-25 22:07 . 2010-06-25 22:07 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-25 22:06 . 2010-06-25 22:06 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-11-10 08:05 . 2009-11-10 08:05 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-25 21:53 . 2010-06-25 21:53 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-11-11 08:04 . 2009-11-11 08:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-11-11 08:04 . 2009-11-11 08:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-11-11 08:03 . 2009-11-11 08:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-03-20 21:56 . 2008-03-20 21:56 972072 c:\windows\UNRecode.exe
+ 2007-03-22 01:02 . 2007-03-22 01:02 972336 c:\windows\UNNeroVision.exe
+ 2007-02-28 20:41 . 2007-02-28 20:41 972336 c:\windows\UNNeroShowTime.exe
+ 2007-03-21 01:22 . 2007-03-21 01:22 972336 c:\windows\UNNeroBackItUp.exe
+ 2009-08-17 17:51 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
- 2009-08-17 17:51 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2009-08-17 17:51 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2006-03-17 19:49 . 2006-03-17 19:49 368640 c:\windows\system32\TwnLib4.dll
+ 2009-08-17 17:51 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2009-08-17 17:51 . 2008-04-14 12:00 474112 c:\windows\system32\shlwapi.dll
+ 2010-03-31 04:10 . 2010-03-31 04:10 295264 c:\windows\system32\PresentationHost.exe
- 2009-08-17 17:51 . 2010-06-25 18:02 433256 c:\windows\system32\perfh009.dat
+ 2009-08-17 17:51 . 2010-07-03 05:04 433256 c:\windows\system32\perfh009.dat
- 2009-08-17 17:51 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
- 2009-08-17 17:51 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
- 2009-08-17 18:05 . 2008-04-14 12:00 343040 c:\windows\system32\mspaint.exe
+ 2009-08-17 18:05 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
+ 2009-03-08 08:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 297808 c:\windows\system32\mscoree.dll
+ 2010-06-28 03:49 . 2010-06-28 03:49 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
- 2009-08-17 17:51 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2009-08-17 17:51 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2009-08-17 18:07 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2009-08-17 18:07 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2006-03-17 16:45 . 2006-03-17 16:45 802816 c:\windows\system32\imagXRA7.dll
+ 2006-03-17 16:45 . 2006-03-17 16:45 258048 c:\windows\system32\imagXR7.dll
+ 2006-03-17 16:45 . 2006-03-17 16:45 497296 c:\windows\system32\imagXpr7.dll
- 2009-08-17 17:51 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2009-08-17 17:51 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2009-08-17 17:51 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
+ 2009-08-17 17:51 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2009-08-17 10:59 . 2010-06-28 01:38 269392 c:\windows\system32\FNTCACHE.DAT
- 2009-08-17 10:59 . 2010-02-11 21:32 269392 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-17 17:51 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2009-08-17 17:51 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys
+ 2009-08-17 17:51 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2009-08-17 17:51 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
- 2009-08-17 17:51 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-08-17 17:51 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
- 2009-08-17 17:51 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-08-17 17:51 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2009-08-17 17:51 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2009-08-17 17:51 . 2008-04-14 12:00 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-08-17 17:51 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2009-08-17 17:51 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
- 2009-08-17 17:51 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-08-17 18:05 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
- 2009-08-17 18:05 . 2008-04-14 12:00 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-11-07 08:10 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-08-17 18:51 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-08-17 17:51 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-08-17 17:51 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-08-17 18:07 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2009-08-17 18:07 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-11-07 08:10 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-08-17 17:51 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-08-17 17:51 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-08-17 17:51 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-08-17 17:51 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-08-17 17:51 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
- 2009-08-17 17:51 . 2008-04-14 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2009-08-17 17:51 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2009-08-17 17:51 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2010-03-31 04:16 . 2010-03-31 04:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-06-30 13:38 . 2010-06-30 13:38 432640 c:\windows\Installer\4d1657f.msi
+ 2010-06-30 13:38 . 2010-06-30 13:38 429568 c:\windows\Installer\4d16578.msi
+ 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\3063a.msp
+ 2010-06-29 15:09 . 2010-06-29 15:09 100352 c:\windows\Installer\2f9d5.msi
+ 2010-06-29 15:00 . 2010-06-29 15:00 269312 c:\windows\Installer\2f9cb.msi
- 2009-08-17 19:24 . 2009-12-10 08:01 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-08-17 19:24 . 2010-06-25 22:09 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-17 19:24 . 2009-12-10 08:01 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-17 19:24 . 2010-06-25 22:09 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-17 19:24 . 2010-06-25 22:09 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-17 19:24 . 2009-12-10 08:01 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-17 19:24 . 2009-12-10 08:01 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-08-17 19:24 . 2010-06-25 22:09 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-25 12:52 . 2008-10-25 12:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 12:52 . 2008-10-25 12:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2010-06-25 21:58 . 2009-12-21 19:14 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-25 21:58 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-25 21:58 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-25 21:58 . 2009-12-21 19:14 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-25 21:58 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-25 21:58 . 2009-12-21 19:14 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-25 21:58 . 2009-12-21 19:14 246272 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-25 21:58 . 2009-12-21 19:14 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-25 21:58 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-25 21:58 . 2009-12-21 19:14 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-25 21:58 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-25 21:55 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-06-25 21:55 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-06-25 21:55 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-06-25 22:10 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-06-25 22:10 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-06-25 22:10 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2009-08-17 18:51 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-06-26 00:16 . 2010-06-26 00:16 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-26 00:19 . 2010-06-26 00:19 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\3288750826828a49fcd13a607f8b6e90\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f4d2969ee6f09323bd537a25a63f8c8a\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ec0427a2d00f9e9725016197689a1c91\WindowsLive.Writer.Passport.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a9412ca31faa72279e30397916f56dec\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8ee76cb6e8b3ad9f352c4e6715dea884\WindowsLive.Writer.Localization.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\79972d186909c01150c5e3e278271a2b\WindowsLive.Writer.Controls.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7433c3a3e86666d5389525a538fe4c99\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\61a1d4a801bf953c5f519ec2af09999f\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5f1a3c150021f27cce77ee46d567b238\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3bc6f4aa253be583e1280e8717d7f8d4\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\38d58450efca62ee12e909d97ca49d9d\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\31f1a5a87c09d9258285bd011e28e489\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0dace857a86d2f9c35e5c70a609d0607\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d5330a03a0ccdb97e7af0b861e34642\WindowsLive.Writer.Interop.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\1cd7be4e74a7f2514497d7559dff90b4\WindowsLive.Client.ni.dll
+ 2010-06-25 22:10 . 2010-06-25 22:10 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-06-25 22:10 . 2010-06-25 22:10 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-06-26 00:25 . 2010-06-26 00:25 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-26 00:24 . 2010-06-26 00:24 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-26 00:24 . 2010-06-26 00:24 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-25 22:27 . 2010-06-25 22:27 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-26 00:16 . 2010-06-26 00:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-25 21:59 . 2010-06-25 21:59 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-26 00:22 . 2010-06-26 00:22 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-26 00:22 . 2010-06-26 00:22 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-26 00:20 . 2010-06-26 00:20 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-26 00:20 . 2010-06-26 00:20 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-26 00:16 . 2010-06-26 00:16 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-26 00:16 . 2010-06-26 00:16 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-26 00:16 . 2010-06-26 00:16 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-25 22:09 . 2010-06-25 22:09 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-06-25 22:09 . 2010-06-25 22:09 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-06-25 22:09 . 2010-06-25 22:09 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-06-25 22:09 . 2010-06-25 22:09 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-26 00:16 . 2010-06-26 00:16 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-25 22:33 . 2010-06-25 22:33 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-26 00:16 . 2010-06-26 00:16 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-25 21:53 . 2010-06-25 21:53 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-25 21:53 . 2010-06-25 21:53 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-11-11 08:04 . 2009-11-11 08:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-11-11 08:04 . 2009-11-11 08:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-11-11 08:04 . 2009-11-11 08:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-11-11 08:04 . 2009-11-11 08:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-11-10 08:05 . 2009-11-10 08:05 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-25 21:53 . 2010-06-25 21:53 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-11-11 08:04 . 2009-11-11 08:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-07-21 04:03 . 2009-07-21 04:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-09-30 20:42 . 2008-09-30 20:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2010-06-29 15:09 . 2010-06-29 15:09 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2009-08-17 17:51 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2009-08-17 17:51 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2008-04-14 00:54 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2009-07-21 04:05 . 2009-07-21 04:05 1348432 c:\windows\system32\msxml4.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2010-06-28 03:49 . 2010-06-28 03:49 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2006-03-17 16:45 . 2006-03-17 16:45 1757184 c:\windows\system32\imagX7.dll
+ 2009-03-08 08:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
- 2009-03-08 08:32 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
+ 2009-08-17 17:51 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-08-17 17:51 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2009-08-17 17:51 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2009-08-17 17:51 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-08-17 18:49 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-17 18:49 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 23:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-08-17 18:49 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-08-17 18:07 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-08-17 18:07 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-08-17 17:51 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2009-08-17 18:07 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2009-08-17 18:07 . 2008-04-14 12:00 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2009-11-07 08:10 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 08:10 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 05:06 . 2009-11-07 05:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-07-01 23:44 . 2010-07-01 23:44 7890432 c:\windows\Installer\6242936.msi
+ 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\306e7.msp
+ 2010-04-24 21:08 . 2010-04-24 21:08 9129984 c:\windows\Installer\306d0.msp
+ 2009-11-09 04:25 . 2009-11-09 04:25 1935360 c:\windows\Installer\306b3.msp
+ 2010-03-24 22:54 . 2010-03-24 22:54 2516992 c:\windows\Installer\30699.msp
+ 2010-04-24 21:07 . 2010-04-24 21:07 4667392 c:\windows\Installer\30688.msp
+ 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\30677.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\30658.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\30657.msp
+ 2010-04-24 21:10 . 2010-04-24 21:10 8486400 c:\windows\Installer\30621.msp
+ 2010-06-29 15:05 . 2010-06-29 15:05 7593472 c:\windows\Installer\2f9d0.msi
- 2009-08-17 19:24 . 2009-12-10 08:01 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-17 19:24 . 2010-06-25 22:09 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-26 03:50 . 2008-08-26 03:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2009-03-06 09:00 . 2009-03-06 09:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 15:49 . 2008-11-10 15:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-25 03:16 . 2008-11-25 03:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2010-06-25 21:58 . 2009-12-21 19:14 1208832 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-25 21:58 . 2009-12-21 19:14 5942784 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-25 21:58 . 2009-12-21 19:14 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2009-08-17 18:49 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-08-17 18:49 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 23:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-08-17 18:49 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-06-26 00:17 . 2010-06-26 00:17 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c3524f8df7c3471e49d795129b9b9e2e\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8790c582b992ce085d7c9d7eda101d9e\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5c8f358edb8e7efb2503f43684980057\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-06-25 22:06 . 2010-06-25 22:06 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-06-25 22:10 . 2010-06-25 22:10 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-25 21:53 . 2010-06-25 21:53 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-25 22:00 . 2010-06-25 22:00 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-26 00:25 . 2010-06-26 00:25 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-26 00:25 . 2010-06-26 00:25 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-26 00:24 . 2010-06-26 00:24 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-26 00:24 . 2010-06-26 00:24 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-26 00:24 . 2010-06-26 00:24 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-25 21:59 . 2010-06-25 21:59 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-25 22:28 . 2010-06-25 22:28 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-25 22:10 . 2010-06-25 22:10 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-25 22:27 . 2010-06-25 22:27 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-25 21:59 . 2010-06-25 21:59 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-25 21:58 . 2010-06-25 21:58 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-26 00:17 . 2010-06-26 00:17 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-26 00:22 . 2010-06-26 00:22 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll
+ 2010-06-25 21:58 . 2010-06-25 21:58 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-26 00:22 . 2010-06-26 00:22 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-25 21:57 . 2010-06-25 21:57 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-25 22:10 . 2010-06-25 22:10 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-06-25 22:09 . 2010-06-25 22:09 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-06-25 21:53 . 2010-06-25 21:53 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-26 00:20 . 2010-06-26 00:20 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-26 00:16 . 2010-06-26 00:16 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-26 00:23 . 2010-06-26 00:23 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-26 00:19 . 2010-06-26 00:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-25 22:05 . 2010-06-25 22:05 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-11-11 08:04 . 2009-11-11 08:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-25 21:53 . 2010-06-25 21:53 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-25 22:05 . 2010-06-25 22:05 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-11-11 08:04 . 2009-11-11 08:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-25 22:05 . 2010-06-25 22:05 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-11-10 08:05 . 2009-11-10 08:05 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-25 22:04 . 2010-06-25 22:04 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-11-11 08:03 . 2009-11-11 08:03 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-25 21:56 . 2010-05-28 16:37 32472008 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-11-07 08:10 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-24 21:09 . 2010-04-24 21:09 11750912 c:\windows\Installer\306ef.msp
+ 2010-03-31 05:23 . 2010-03-31 05:23 15638528 c:\windows\Installer\306bf.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\30666.msp
+ 2010-04-24 21:07 . 2010-04-24 21:07 10118144 c:\windows\Installer\3064c.msp
+ 2010-06-25 21:58 . 2009-12-21 19:14 11070464 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-25 22:00 . 2010-06-25 22:00 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-26 00:18 . 2010-06-26 00:18 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-25 22:33 . 2010-06-25 22:33 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-25 21:59 . 2010-06-25 21:59 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-25 22:09 . 2010-06-25 22:09 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-06-25 22:07 . 2010-06-25 22:07 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-07-10 700416]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-25 149280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]

c:\documents and settings\best buy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-24 23:13 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [7/1/2010 7:44 PM 11448]
R1 ecfd;ecfd;c:\windows\system32\ecfd.sys [6/21/2010 9:14 AM 80896]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 6:45 AM 169312]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [8/17/2009 2:24 PM 5097632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/17/2009 2:25 PM 1684736]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/12/2009 5:35 AM 38912]
S3 uvclf;uvclf;c:\windows\system32\DRIVERS\uvclf.sys --> c:\windows\system32\DRIVERS\uvclf.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\
FF - component: c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 01:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Completion time: 2010-07-03 01:08:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-03 05:08

Pre-Run: 135,571,841,024 bytes free
Post-Run: 135,544,578,048 bytes free

- - End Of File - - B70E31FE7CFA8D58E588B3841BB7085D


#8 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:07 PM

Posted 03 July 2010 - 11:49 AM

Hi there,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
Driver::
ecfd

File::
c:\windows\system32\ecfd.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#9 jdrose1985

jdrose1985
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 03 July 2010 - 02:43 PM

Here ya go

ComboFix 10-07-01.02 - best buy 07/03/2010 15:29:27.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.521 [GMT -4:00]
Running from: c:\documents and settings\best buy\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\best buy\My Documents\Downloads\cfscript.txt

FILE ::
"c:\windows\system32\ecfd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ecfd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ECFD
-------\Service_ecfd


((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-07-01 23:44 . 2009-07-06 14:48 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys
2010-06-30 13:38 . 2010-06-30 13:38 -------- d-----w- c:\program files\MSXML 4.0
2010-06-29 15:06 . 2010-06-29 15:06 -------- d-----w- c:\documents and settings\best buy\Application Data\Nero
2010-06-29 15:03 . 2010-06-29 15:05 -------- d-----w- c:\program files\Common Files\Nero
2010-06-29 15:03 . 2010-06-29 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-06-29 15:03 . 2010-06-29 15:03 -------- d-----w- c:\program files\Nero
2010-06-26 23:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 23:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 19:01 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-25 16:00 . 2010-06-25 16:00 -------- d-----w- c:\documents and settings\best buy\Application Data\Malwarebytes
2010-06-25 16:00 . 2010-06-25 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 16:00 . 2010-06-26 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 14:38 . 2010-06-25 17:30 -------- d-----w- c:\documents and settings\best buy\Application Data\QuickScan
2010-06-25 14:38 . 2010-06-08 00:25 702120 ----a-w- c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-06-25 14:38 . 2010-06-08 00:25 868456 ----a-w- c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 14:38 . 2010-02-17 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-28 02:36 . 2009-08-17 18:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-25 22:09 . 2009-08-17 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-22 15:50 . 2009-08-17 20:31 -------- d-----w- c:\program files\ASUS
2010-06-22 02:21 . 2009-08-17 19:05 -------- d-----w- c:\program files\Windows Live
2010-06-22 02:20 . 2009-08-17 18:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-22 02:20 . 2009-08-17 18:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-22 02:18 . 2009-08-17 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-24 04:39 . 2010-05-24 04:39 503808 ----a-w- c:\documents and settings\best buy\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-415d347d-n\msvcp71.dll
2010-05-24 04:39 . 2010-05-24 04:39 499712 ----a-w- c:\documents and settings\best buy\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-415d347d-n\jmc.dll
2010-05-24 04:39 . 2010-05-24 04:39 348160 ----a-w- c:\documents and settings\best buy\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-415d347d-n\msvcr71.dll
2010-05-12 22:42 . 2010-05-12 22:41 -------- d-----w- c:\program files\QuickTime
2010-05-12 22:41 . 2010-05-12 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-12 22:41 . 2010-05-12 22:41 -------- d-----w- c:\program files\Common Files\Apple
2010-05-12 22:40 . 2010-05-12 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-06 10:41 . 2009-08-17 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2009-08-17 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 21:53 . 2009-11-23 11:22 854 ----a-w- c:\documents and settings\best buy\Application Data\wklnhst.dat
2010-04-20 05:30 . 2009-08-17 17:51 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-07-03_05.04.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-03 19:36 . 2010-07-03 19:36 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-07-10 700416]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-25 149280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]

c:\documents and settings\best buy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-24 23:13 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [7/1/2010 7:44 PM 11448]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 6:45 AM 169312]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [8/17/2009 2:24 PM 5097632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/17/2009 2:25 PM 1684736]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/12/2009 5:35 AM 38912]
S3 uvclf;uvclf;c:\windows\system32\DRIVERS\uvclf.sys --> c:\windows\system32\DRIVERS\uvclf.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\
FF - component: c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 15:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-07-03 15:40:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-03 19:40
ComboFix2.txt 2010-07-03 05:08
ComboFix3.txt 2010-06-25 19:15

Pre-Run: 135,566,708,736 bytes free
Post-Run: 135,547,969,536 bytes free

- - End Of File - - 1124AF29020ABF6ED32E17E58D21A5B7


#10 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:07 PM

Posted 03 July 2010 - 02:46 PM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 jdrose1985

jdrose1985
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 06 July 2010 - 11:48 AM

Hey, sorry it's taken me a while to get back with you...long 4th of July weekend, hope yours went well!

here's the latest logs. looks like i'm still infected. any antivirus programs you recommend which actually do their job?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, July 6, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 05, 2010 20:15:16
Records in database: 4243479
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 54568
Threats found: 4
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 11:37:27


File name / Threat / Threats count
C:\System Volume Information\_restore{8244A3B9-3806-4325-B0B1-93AAAAE4ABBF}\RP143\A0029193.exe Infected: Trojan-Downloader.Win32.FraudLoad.xdwh 1
C:\System Volume Information\_restore{8244A3B9-3806-4325-B0B1-93AAAAE4ABBF}\RP143\A0029195.dll Infected: Trojan.Win32.FraudPack.ayga 1
C:\System Volume Information\_restore{8244A3B9-3806-4325-B0B1-93AAAAE4ABBF}\RP143\A0029197.dll Infected: Trojan.Win32.Tdss.beea 1
C:\System Volume Information\_restore{8244A3B9-3806-4325-B0B1-93AAAAE4ABBF}\RP143\A0029198.dll Infected: Trojan.Win32.Tdss.beea 1
C:\System Volume Information\_restore{8244A3B9-3806-4325-B0B1-93AAAAE4ABBF}\RP143\A0029200.dll Infected: Trojan.Win32.Tdss.beea 1
C:\System Volume Information\_restore{8244A3B9-3806-4325-B0B1-93AAAAE4ABBF}\RP144\A0029232.dll Infected: Trojan.Win32.Tdss.beea 1
C:\System Volume Information\_restore{8244A3B9-3806-4325-B0B1-93AAAAE4ABBF}\RP144\A0029235.dll Infected: Trojan.Win32.Tdss.beea 1
C:\System Volume Information\_restore{8244A3B9-3806-4325-B0B1-93AAAAE4ABBF}\RP144\A0029241.dll Infected: Trojan.Win32.FraudPack.ayfz 1

Selected area has been scanned.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4272

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/3/2010 4:13:16 PM
mbam-log-2010-07-03 (16-13-16).txt

Scan type: Quick scan
Objects scanned: 130543
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#12 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:07 PM

Posted 06 July 2010 - 12:07 PM

Hi there,

Actually you're safe from those threats, those are just locked away in restore points. We'll get rid of those shortly. I'll also give you some recommendations on antivirus once we're done here.

Everything else looks good, are you still having any problems?

Open up OTL and push the Quickscan button. Post the resulting log here.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#13 jdrose1985

jdrose1985
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 07 July 2010 - 03:17 PM

Everything is running really good now! I am so glad to have my computer back without feeling like i've been...violated lol. Here's the latest log...





OTL logfile created on: 7/7/2010 4:11:17 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\best buy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 344.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 126.42 Gb Free Space | 87.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-CQ5MXAE89R
Current User Name: best buy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\best buy\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\best buy\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (uvclf) -- C:\WINDOWS\System32\DRIVERS\uvclf.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- C:\WINDOWS\System32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- C:\WINDOWS\System32\drivers\btaudio.sys File not found
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (AsUpIO) -- C:\WINDOWS\system32\drivers\AsUpIO.sys ()
DRV - (igd) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 08:49:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 08:49:05 | 000,000,000 | ---D | M]

[2010/01/07 22:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Mozilla\Extensions
[2010/07/07 14:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions
[2010/01/08 06:28:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/25 10:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Profiles\qz0u8gmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/07/07 14:55:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/03 15:36:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [EasyMode] C:\Program Files\ASUS\Easy Mode\Easy Mode.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - Startup: C:\Documents and Settings\best buy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\best buy\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/17 14:09:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ad81fbd-2fc0-11df-a9f7-0025d35b6d4f}\Shell - "" = AutoRun
O33 - MountPoints2\{2ad81fbd-2fc0-11df-a9f7-0025d35b6d4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ad81fbd-2fc0-11df-a9f7-0025d35b6d4f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/07/03 16:00:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/30 17:25:08 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\best buy\Desktop\TDSSKiller.exe
[2010/06/30 09:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/29 19:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\My Documents\NeroVision
[2010/06/29 11:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\Nero
[2010/06/29 11:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/06/29 11:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/06/29 11:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/06/26 19:35:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/26 19:35:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/25 15:07:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/25 15:05:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/25 15:05:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/25 15:05:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/25 15:05:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/25 15:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/25 15:04:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/25 12:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\Malwarebytes
[2010/06/25 12:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/25 12:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/25 10:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Application Data\QuickScan
[2010/06/05 19:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Desktop\LHF Fonts
[2010/05/12 18:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/12 18:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/12 18:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/12 18:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Local Settings\Application Data\Apple
[2010/05/12 18:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/12 18:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\best buy\Local Settings\Application Data\Apple Computer

========== Files - Modified Within 90 Days ==========

[2010/07/07 14:49:56 | 000,508,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/07 14:49:56 | 000,433,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/07 14:49:56 | 000,068,062 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/07 14:45:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/07 14:45:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 19:32:00 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\best buy\NTUSER.DAT
[2010/07/06 19:32:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\best buy\ntuser.ini
[2010/07/04 19:44:24 | 007,145,706 | -H-- | M] () -- C:\Documents and Settings\best buy\Local Settings\Application Data\IconCache.db
[2010/07/04 19:09:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/03 15:36:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/03 15:36:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\best buy\Desktop\TDSSKiller.exe
[2010/06/30 16:17:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 19:08:27 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\best buy\default.pls
[2010/06/29 11:08:09 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\best buy\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/06/29 11:08:09 | 000,002,352 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/06/27 21:38:59 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/26 19:35:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 18:10:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/25 15:07:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/25 10:38:31 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\best buy\Desktop\QuickScan Folder.lnk
[2010/06/21 13:17:57 | 000,265,959 | ---- | M] () -- C:\Documents and Settings\best buy\My Documents\09taxform.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:53:41 | 000,112,640 | ---- | M] () -- C:\Documents and Settings\best buy\My Documents\dangleyjuice.wps
[2010/04/27 17:53:41 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\best buy\Application Data\wklnhst.dat
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/22 13:27:46 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\best buy\My Documents\Larry Article.wps
[2010/04/17 09:50:19 | 000,559,618 | ---- | M] () -- C:\Documents and Settings\best buy\My Documents\q_cavs_parking_north.pdf

========== Files Created - No Company Name ==========

[2010/07/01 19:44:13 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010/06/29 19:08:27 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\best buy\default.pls
[2010/06/29 11:30:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 11:08:09 | 000,002,370 | ---- | C] () -- C:\Documents and Settings\best buy\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/06/29 11:08:09 | 000,002,352 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/06/26 19:35:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 15:07:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/25 15:07:36 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/25 15:05:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/25 15:05:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/25 15:05:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/25 15:05:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/25 15:05:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/25 10:38:30 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\best buy\Desktop\QuickScan Folder.lnk
[2010/06/21 13:17:57 | 000,265,959 | ---- | C] () -- C:\Documents and Settings\best buy\My Documents\09taxform.pdf
[2010/04/27 17:53:41 | 000,112,640 | ---- | C] () -- C:\Documents and Settings\best buy\My Documents\dangleyjuice.wps
[2010/04/17 09:50:19 | 000,559,618 | ---- | C] () -- C:\Documents and Settings\best buy\My Documents\q_cavs_parking_north.pdf
[2010/04/13 22:31:59 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\best buy\My Documents\Larry Article.wps
[2010/02/25 20:28:04 | 000,000,368 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/11/15 03:06:45 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/17 17:11:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/17 14:28:47 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/17 14:28:47 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/17 14:24:29 | 000,004,343 | ---- | C] () -- C:\WINDOWS\System32\lpgun.ini
[2009/08/17 14:24:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
[2009/08/17 13:51:32 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2010/02/18 23:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/17 14:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card
[2009/08/17 16:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\ASUS
[2010/06/25 13:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\QuickScan
[2010/01/09 17:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\best buy\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/11 12:45:00 | 001,048,576 | ---- | M] () -- C:\1101HA.ROM
[2010/02/18 23:24:18 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2009/08/17 14:09:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/20 00:01:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/25 15:07:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/03 15:40:26 | 000,011,904 | ---- | M] () -- C:\ComboFix.txt
[2009/08/17 14:09:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/17 14:09:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/17 14:09:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/07 14:45:14 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/07/02 22:58:10 | 000,033,422 | ---- | M] () -- C:\TDSSKiller.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/17 06:58:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/17 06:58:41 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/17 06:58:41 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\best buy\Desktop\eula.txt:SummaryInformation
< End of report >



#14 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:07 PM

Posted 07 July 2010 - 04:12 PM

Hi there,

Everything looks fixed to me, glad I was able to help you sort it out. smile.gif

Now that your system appears to be clean, I'll give you some instructions to remove the tools we have used and I'll offer some advice to help prevent future infection.

STEP 1 - Clear Restore Points

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :Commands
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top.
STEP 2 - Uninstall ComboFix
  • Rename the Combo-Fix file on your desktop to Uninstall.
  • Double click on Uninstall to uninstall the program.
STEP 3 - Remove Tools

Run OTL
  • Click Clean Up in the upper right corner.
  • This will remove most if not all the tools we used while we were fixing your computer. Feel free to delete any others it leaves behind.
Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven''t already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewallsAn antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected.Having up to date Antivirus and Firewall software is vital to keeping a healthy, infection free system

+++++++++++++++++++++++++++++++++++++++++++++++

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good luck and safe surfing!

-mpascal

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#15 jdrose1985

jdrose1985
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 07 July 2010 - 07:27 PM

Wow, thank you! I've just downloaded the virus protection, etc, I just about drained my paypal account today but i'm sending you what small amount is left, I really appreciate your help!

Justin Rose




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users