Problem with: Generic Host Process for Win32


11 replies to this topic

#1 paganorr

paganorr

  • Members
  • 6 posts

Posted 23 August 2010 - 03:51 AM

Hi, I'm actually having a few problems with my computer that I think might be related since they all began around the same time. Any advice would be appreciated greatly. I'm going to provide a description of each of the problems followed by a copy of my log from HijackThis.

1. At least a few times a day, new tabs will open up in Firefox that redirect me to an advertisement (e.g. hxxp://cuic.com/search.php
hxxp://www.bighealthtree.com/video/s-23
hxxp://lpgen.info/mylpgen/regerrors1/64x1299764_r1?c=camp3]
hxxp://tutoringonlineservices.com/
and hxxp://www.shopica.com/search.php?q=Design+Web&txn=3152-C1D4B7B8 )

Some of these even change the size of the Firefox window. Also, while searching with Google on Firefox, links will either be dead (404 error) or redirect me to an entirely irrelevant page. I have only seen this happen twice, but immediately after I searched the exact same phrase on Google Chrome, clicked the same links, and it worked fine.

2. This next problem was a lot worse the other day, but after running a few anti-virus programs in Safe Mode, its frequency decreased but hasn't disappeared completely. The other day I couldn't even turn on my computer for 10 minutes without this happening but now it will go a few hours until the problem occurs. Anyway, the problem occurs when I get an error message that says: "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."

3. I am connected wirelessly to my router. I know this problem is due to my computer since I just moved (and changed routers and internet providers) and continue to have the same problem. All of a sudden my internet will just stop working. It still shows that I'm connected but when I hover over Wireless Network Connection, "Access Point" is located where my Network name should be. It still says I'm connected with Excellent signal strength. When I try to view Available Wireless Networks, it says Windows is not configured. When I go to "Change advanced settings," the "Wireless Networks" tab has disappeared so I can't get to the check box for "Use Windows to configure my wireless network settings" to re-check it. I then have to restart my computer before the "Wireless Networks" tab returns. After that, everything works fine for a while until it happens again. This would usually happen shortly after problem #2 occurred so I think they are somehow related.



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:32 AM, on 8/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:job-vwjg6-1743545261@craigslist.org?subject=Earn%20extra%20money!%20(Richmond)&body=%0A%0Ahttp%3A%2F%2Frichmond.craigslist.org%2Fetc%2F1743545261.html%0A
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Audiogalaxy] C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Audiogalaxy\Audiogalaxy.exe /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialo...osoft/wrc32.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10697 bytes

Edited by Orange Blossom, 24 August 2010 - 09:17 PM.
Move to Log Forum. ~BZ Deactivate links. ~ OB




#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 29 August 2010 - 02:56 PM

Hi paganorr,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply updating it and doing a Quick Scan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 4 - OTL

Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 5 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 paganorr

paganorr
  • Topic Starter

  • Members
  • 6 posts

Posted 21 September 2010 - 12:04 PM

Sorry it took so long to respond (I was waiting for an e-mail from the forum saying someone replied but never got one and randomly logged in to check in manually). It won't happen again. Anyway, I added the logs as attachments since I was having trouble posting the whole thing in here.

OTL logfile created on: 9/21/2010 12:55:46 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\ricky.HOME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 640.00 Mb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 137.78 Gb Total Space | 1.49 Gb Free Space | 1.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: ricky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ricky.HOME\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ricky.HOME\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\TDispVol.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVENG.SYS File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (PGSUSFLT) -- C:\WINDOWS\system32\drivers\pgsuspend.SYS (Toshiba)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSPX.SYS (Symantec Corporation)
DRV - (Thpdrv) -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\WINDOWS\system32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Thpevm) -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (TVALZ) -- C:\WINDOWS\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSNB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSNB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNB&bmod=TSNB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {F21754C7-683E-4EE8-81F3-2DA367A84F5C}:1.9.1
FF - prefs.js..extensions.enabledItems: {B08A2433-3588-45FA-860F-DC8ACC9725BD}:1.9.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.7.2.0

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKLM\software\mozilla\Firefox\extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKLM\software\mozilla\Firefox\extensions\\{F21754C7-683E-4EE8-81F3-2DA367A84F5C}: C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\{F21754C7-683E-4EE8-81F3-2DA367A84F5C} [2010/07/15 17:47:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B08A2433-3588-45FA-860F-DC8ACC9725BD}: C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\{B08A2433-3588-45FA-860F-DC8ACC9725BD} [2010/08/03 17:32:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/20 19:30:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/20 19:30:21 | 000,000,000 | ---D | M]

[2010/04/23 11:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ricky.HOME\Application Data\Mozilla\Extensions
[2010/09/15 17:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions
[2010/09/04 19:22:18 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Documents and Settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/09/13 14:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\chachaguidebar@chacha.com
[2010/09/19 18:46:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 01:44:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 19:28:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe ()
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialo...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009/11/19 02:26:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/21 12:45:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ricky.HOME\Desktop\OTL.exe
[2010/09/21 06:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/21 06:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/20 03:28:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/09/15 11:56:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ricky.HOME\My Documents\ppmt.cgi_files
[2010/09/11 12:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ricky.HOME\My Documents\MORE
[2010/09/08 19:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack
[2010/09/08 18:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Help
[2010/09/08 18:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ricky.HOME\Application Data\Help
[2010/08/31 02:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ricky.HOME\My Documents\Hand History
[2010/08/31 01:54:45 | 000,000,000 | RH-D | C] -- C:\My Books
[2010/08/23 03:10:36 | 000,680,624 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\Fliqlo.scr
[2010/08/23 03:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2010/08/23 03:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\Screentime
[2010/08/23 02:50:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PolarClock3 dir
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/21 12:45:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ricky.HOME\Desktop\OTL.exe
[2010/09/21 12:44:02 | 000,000,988 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3064477378-1622327323-425704490-1006UA.job
[2010/09/21 12:26:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/21 12:26:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/21 12:19:47 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\ntuser.dat
[2010/09/21 11:28:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/21 11:27:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/21 11:27:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/21 11:27:36 | 1062,645,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/21 11:23:21 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\IconCache.db
[2010/09/21 11:23:11 | 000,005,779 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\Desktop\Document.rtf
[2010/09/21 04:50:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ricky.HOME\ntuser.ini
[2010/09/21 02:46:03 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\Desktop\Google Chrome.lnk
[2010/09/21 02:44:04 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3064477378-1622327323-425704490-1006Core.job
[2010/09/20 21:04:07 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\My Documents\DOCUMENT.rtf
[2010/09/19 18:43:02 | 000,003,520 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\My Documents\MNEY.rtf
[2010/09/17 02:28:14 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\My Documents\WANT.rtf
[2010/09/15 11:56:10 | 000,007,533 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\My Documents\ppmt.cgi.htm
[2010/09/15 11:45:05 | 000,000,013 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\cvdm.err
[2010/09/15 10:32:48 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\My Documents\CMD.rtf
[2010/09/14 01:59:21 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/09/13 02:46:05 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/08 19:08:01 | 000,627,092 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/08 19:08:01 | 000,534,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/08 19:08:01 | 000,101,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/31 02:31:08 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\My Videos.lnk
[2010/08/31 02:31:06 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\My Pictures.lnk
[2010/08/31 02:31:03 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\My Music.lnk
[2010/08/31 02:31:01 | 000,000,411 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\My Books.lnk
[2010/08/31 02:15:24 | 000,015,035 | ---- | M] () -- C:\Documents and Settings\ricky.HOME\My Documents\RESUME.doc
[2010/08/23 03:11:01 | 000,680,624 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\Fliqlo.scr
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/21 11:27:36 | 1062,645,760 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/20 01:36:10 | 000,005,779 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\Desktop\Document.rtf
[2010/09/15 11:56:08 | 000,007,533 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\My Documents\ppmt.cgi.htm
[2010/09/15 11:33:20 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\cvdm.err
[2010/08/31 02:31:08 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\My Videos.lnk
[2010/08/31 02:31:06 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\My Pictures.lnk
[2010/08/31 02:31:03 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\My Music.lnk
[2010/08/31 02:31:01 | 000,000,411 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\My Books.lnk
[2010/08/31 01:36:28 | 000,003,520 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\My Documents\MNEY.rtf
[2010/08/23 05:24:50 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\Desktop\Google Chrome.lnk
[2010/08/15 22:15:11 | 000,000,878 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/13 21:29:56 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\Application Data\wklnhst.dat
[2010/08/04 03:42:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/12 16:53:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2010/06/01 22:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/01 22:16:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/06 15:57:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2010/04/26 21:19:36 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 11:06:33 | 000,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys
[2009/12/15 04:36:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/12/15 04:32:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/12/15 04:27:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2009/12/15 04:22:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2009/12/15 04:21:29 | 000,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2009/11/19 17:51:56 | 000,000,353 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/11/19 17:43:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2009/11/19 03:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2009/06/06 05:42:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2009/05/01 13:27:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2009/04/28 08:37:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2009/04/02 13:35:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/19 02:26:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/19 23:53:14 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/19 02:26:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/03 15:29:31 | 000,015,182 | -H-- | M] () -- C:\drwtsn32.log
[2007/11/07 08:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | -H-- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | -H-- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | -H-- | M] () -- C:\globdata.ini
[2010/09/21 11:27:36 | 1062,645,760 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | -H-- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | -H-- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | -H-- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | -H-- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/11/19 02:26:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/23 02:41:43 | 000,001,357 | -H-- | M] () -- C:\IPH.PH
[2009/11/19 02:26:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/21 11:27:34 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | -H-- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | -H-- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | -H-- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 19:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 18:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 19:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 18:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/11/19 02:25:52 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 23:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 16:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/11/18 18:20:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/11/18 18:20:38 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/11/18 18:20:38 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/11/19 02:26:16 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 04:53:52
< End of report >



Edited by mpascal, 21 September 2010 - 06:02 PM.
opened log


#4 mpascal


Posted 21 September 2010 - 06:13 PM

Hi there,

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL
    FF - HKLM\software\mozilla\Firefox\extensions\\{F21754C7-683E-4EE8-81F3-2DA367A84F5C}: C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\{F21754C7-683E-4EE8-81F3-2DA367A84F5C} [2010/07/15 17:47:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{B08A2433-3588-45FA-860F-DC8ACC9725BD}: C:\Documents and Settings\ricky.HOME\Local Settings\Application Data\{B08A2433-3588-45FA-860F-DC8ACC9725BD} [2010/08/03 17:32:59 | 000,000,000 | ---D | M]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Open up OTL and push the Quickscan button. Post the resulting log here in your next reply.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#5 paganorr


Posted 22 September 2010 - 04:43 PM

OTL (First File) was what popped up when I first opened OTL after running the fix and rebooting the computer. The second log is after running the quick scan (OTL).




#6 mpascal


Posted 23 September 2010 - 09:14 AM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.



#7 paganorr


Posted 23 September 2010 - 11:33 AM

When I first started ComboFix, I received this message:

ComboFix has detected the following real time scanner(s) to be active:

antivirus: Norton Internet Security Netbook Edition

The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.


However, I could not find any trace of Norton anywhere on my computer so I was unable to disable it. I hope this isn't a problem.

ComboFix also had to reboot my computer before it began because something else was running but I didn't catch what it was. Other than that, everything seemed to work just as the tutorial said it would.

ComboFix 10-09-22.06 - ricky 09/23/2010 12:03:32.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.737 [GMT -4:00]

Running from: c:\documents and settings\ricky.HOME\Desktop\ComboFix.exe

AV: Norton Internet Security Netbook Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security Netbook Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\Install.exe

c:\windows\system32\sda

c:\windows\system32\sda\SDRTCPRM.dll



Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected

Restored copy from - Kitty had a snack :p

.

((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))

.



2010-09-22 21:24 . 2010-09-22 21:24 -------- d-----w- C:\_OTL

2010-09-08 23:09 . 2010-09-08 23:13 -------- d-----w- c:\program files\ComicRack

2010-09-08 22:43 . 2010-09-08 22:43 -------- d-----w- c:\documents and settings\ricky.HOME\Local Settings\Application Data\Help

2010-09-07 07:02 . 2010-09-07 07:02 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-07 04:00 . 2010-09-07 04:00 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-08-28 04:52 . 2010-08-28 04:52 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-08-28 04:51 . 2010-08-28 04:51 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-08-28 04:51 . 2010-08-28 04:51 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-08-28 04:51 . 2010-08-28 04:51 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-08-28 04:50 . 2010-09-07 04:00 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-23 05:43 . 2010-04-23 16:25 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\BitTorrent

2010-09-08 23:00 . 2009-12-15 07:57 -------- d-----w- c:\program files\Microsoft.NET

2010-09-07 07:10 . 2010-04-21 21:41 -------- d-----w- c:\program files\iTunes

2010-09-07 07:09 . 2010-04-21 21:42 -------- d-----w- c:\program files\iPod

2010-09-07 07:05 . 2010-04-21 21:41 -------- d-----w- c:\program files\QuickTime

2010-09-07 04:00 . 2010-05-16 04:51 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-09-07 04:00 . 2010-05-16 04:50 -------- d-----w- c:\program files\DivX

2010-09-07 04:00 . 2010-05-16 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-09-07 04:00 . 2010-09-07 04:00 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-09-07 04:00 . 2010-08-28 04:52 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll

2010-09-07 04:00 . 2010-05-16 04:51 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-09-07 04:00 . 2010-05-16 04:51 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgoogletalk.dll

2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll

2010-08-31 06:21 . 2010-07-20 02:42 -------- d-----w- c:\program files\PokerStars

2010-08-31 05:34 . 2010-04-23 15:33 -------- d-----w- c:\program files\BitTorrent

2010-08-28 15:31 . 2010-08-28 15:31 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a000cb4-n\decora-sse.dll

2010-08-28 15:31 . 2010-08-28 15:31 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-433187d9-n\msvcp71.dll

2010-08-28 15:31 . 2010-08-28 15:31 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-433187d9-n\jmc.dll

2010-08-28 15:31 . 2010-08-28 15:31 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-433187d9-n\msvcr71.dll

2010-08-28 15:31 . 2010-08-28 15:31 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a000cb4-n\decora-d3d.dll

2010-08-23 07:11 . 2010-08-23 07:11 39088 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Fliqlo\saver1.dll

2010-08-23 07:11 . 2010-08-23 07:11 22976 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Fliqlo\saver2.dll

2010-08-23 07:11 . 2010-08-23 07:10 680624 ----a-w- c:\windows\system32\Fliqlo.scr

2010-08-23 07:11 . 2010-08-23 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime

2010-08-20 01:33 . 2010-09-04 23:22 52224 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll

2010-08-20 01:33 . 2010-09-04 23:22 101376 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll

2010-08-16 01:15 . 2010-08-16 01:15 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-16 01:03 . 2010-08-04 17:23 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-08-15 23:26 . 2010-08-04 17:26 63488 ----a-w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-15 23:26 . 2010-08-04 17:25 117760 ----a-w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-15 23:21 . 2010-07-15 21:48 120 ----a-w- c:\windows\Dmimupufaxawi.dat

2010-08-15 04:23 . 2010-07-15 21:48 0 ----a-w- c:\windows\Oveyocozofu.bin

2010-08-14 01:30 . 2010-08-14 01:29 138 ----a-w- c:\documents and settings\ricky.HOME\Application Data\wklnhst.dat

2010-08-14 01:29 . 2010-08-14 01:29 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\Template

2010-08-13 23:28 . 2009-11-19 07:11 -------- d-----w- c:\program files\Java

2010-08-09 15:17 . 2010-08-09 15:17 503808 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44015de3-n\msvcp71.dll

2010-08-09 15:17 . 2010-08-09 15:17 499712 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44015de3-n\jmc.dll

2010-08-09 15:17 . 2010-08-09 15:17 348160 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44015de3-n\msvcr71.dll

2010-08-09 15:17 . 2010-08-09 15:17 61440 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36bb0829-n\decora-sse.dll

2010-08-09 15:17 . 2010-08-09 15:17 12800 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36bb0829-n\decora-d3d.dll

2010-08-05 17:40 . 2010-08-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-04 17:26 . 2010-08-04 17:26 52224 ----a-w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-04 17:25 . 2010-08-04 17:25 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com

2010-08-04 17:25 . 2010-08-04 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-04 17:25 . 2010-08-04 17:25 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-04 17:12 . 2009-11-19 07:11 -------- d-----w- c:\program files\TOSHIBA

2010-08-04 04:05 . 2010-08-04 04:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-03 23:31 . 2010-08-03 23:31 -------- d-----w- c:\program files\Trend Micro

2010-08-03 19:38 . 2010-07-31 23:49 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\Azureus

2010-08-01 21:51 . 2010-05-09 00:22 -------- d-----w- c:\program files\Steam

2010-08-01 21:49 . 2010-05-19 00:01 -------- d-----w- c:\program files\X-Moto

2010-07-27 20:29 . 2010-07-27 20:29 -------- d-----w- c:\program files\ESET

2010-07-17 09:00 . 2010-04-24 05:44 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-23 15:06 . 2010-04-23 15:06 13 --sh--r- c:\windows\system32\drivers\fbd.sys

.



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-23 136176]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 141336]

"RTHDCPL"="RTHDCPL.EXE" [2009-11-12 18782720]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-16 1586472]

"ACU"="c:\program files\Atheros\ACU.exe" [2009-10-08 471129]

"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-10-09 86016]

"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2009-04-28 90112]

"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]

"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-11-14 873840]

"TDispVol"="TDispVol.exe" [2009-12-15 208896]

"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]

"TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-10-09 110592]

"TPSMain"="TPSMain.exe" [2009-09-30 268864]

"Zooming"="ZoomingHook.exe" [2005-06-06 24576]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]

"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]

"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]



[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\ricky.HOME\\Start Menu\\Programs\\Games\\Call of Duty 1\\CoDMP.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\rocket knight demo\\RocketKnight_ConfigTool.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard demo\\BeatHazardDemo.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=

"c:\\Documents and Settings\\ricky.HOME\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=



R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [6/29/2009 2:25 PM 29760]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [5/11/2009 11:11 PM 6528]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/23/2010 2:41 AM 24652]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [4/23/2010 11:07 AM 24064]

R3 PGSUSFLT;PGSUSFLT;c:\windows\system32\drivers\pgsuspend.SYS [12/15/2009 4:29 AM 18816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 3:11 PM 136176]

S2 NIS;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe" /s "NIS" /m "c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/15/2009 4:16 AM 1684736]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [12/15/2009 4:16 AM 174592]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [8/4/2010 1:12 PM 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [9/17/2009 7:37 PM 111960]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder



2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:11]



2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:11]



2010-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064477378-1622327323-425704490-1006Core.job

- c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-23 15:34]



2010-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064477378-1622327323-425704490-1006UA.job

- c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-23 15:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:job-vwjg6-1743545261@craigslist.org?subject=Earn%20extra%20money!%20(Richmond)&body=%0A%0Ahttp%3A%2F%2Frichmond.craigslist.org%2Fetc%2F1743545261.html%0A

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

FF - ProfilePath - c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\

FF - component: c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll

FF - plugin: c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\



---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -



HKCU-Run-Aim6 - (no file)

MSConfigStartUp-Gyiligafeyuzubi - c:\windows\wutacl1.dll

AddRemove-PolarClock3 - c:\windows\system32\PolarClock3.scr







**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-23 12:21

Windows 5.1.2600 Service Pack 3 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



scanning hidden files ...



scan completed successfully

hidden files: 0



**************************************************************************



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net



device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys thpdrv.sys hal.dll >>UNKNOWN [0x84C61EC5]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7636f28

\Driver\ACPI -> ACPI.sys @ 0xf74c9cb8

\Driver\iaStor -> iaStor.sys @ 0xf73df988

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Atheros AR9285 Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf72b4bd4

PacketIndicateHandler -> NDIS.sys @ 0xf72c0a21

SendHandler -> NDIS.sys @ 0xf72b4d44

user & kernel MBR OK



**************************************************************************



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------



- - - - - - - > 'winlogon.exe'(1084)

c:\windows\system32\WININET.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL



- - - - - - - > 'lsass.exe'(1144)

c:\windows\system32\WININET.dll

.

Completion time: 2010-09-23 12:27:54

ComboFix-quarantined-files.txt 2010-09-23 16:27



Pre-Run: 3,899,785,216 bytes free

Post-Run: 3,906,617,344 bytes free



WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect



- - End Of File - - F52471BAD2D56A8A40C7D05407E36584



Edited by mpascal, 25 September 2010 - 12:36 PM.
opened log


#8 mpascal


Posted 25 September 2010 - 12:39 PM

Hi there,

Close any open browsers, and close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open Notepad and copy/paste the text in the codebox below into it:

CODE
File::
c:\windows\Oveyocozofu.bin
c:\windows\Dmimupufaxawi.dat

  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.



#9 paganorr


Posted 27 September 2010 - 09:31 AM

I'm still having the same problems with ComboFix as before regarding Norton Internet Security Netbook Edition being active. Also, the computer had to be rebooted because rootkit activity was detected (which also showed up the first time I ran ComboFix, however, I didn't see what it said). I'm not sure if either of these are a problem, but I thought I would let you know.

ComboFix 10-09-26.04 - ricky 09/27/2010 10:15:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.736 [GMT -4:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: c:\documents and settings\ricky.HOME\Desktop\CFScript.txt
AV: Norton Internet Security Netbook Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Netbook Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point

FILE ::
"c:\windows\Dmimupufaxawi.dat"
"c:\windows\Oveyocozofu.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Dmimupufaxawi.dat
c:\windows\Oveyocozofu.bin

Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))
.

2010-09-22 21:24 . 2010-09-22 21:24 -------- d-----w- C:\_OTL
2010-09-08 23:09 . 2010-09-08 23:13 -------- d-----w- c:\program files\ComicRack
2010-09-08 22:43 . 2010-09-08 22:43 -------- d-----w- c:\documents and settings\ricky.HOME\Local Settings\Application Data\Help
2010-09-07 07:02 . 2010-09-07 07:02 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-07 04:00 . 2010-09-07 04:00 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-07 04:00 . 2010-09-07 04:00 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-04 23:22 . 2010-08-20 01:33 52224 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
2010-09-04 23:22 . 2010-08-20 01:33 101376 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-31 05:54 . 2010-08-31 07:04 -------- d-----r- C:\My Books
2010-08-28 15:31 . 2010-08-28 15:31 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a000cb4-n\decora-sse.dll
2010-08-28 15:31 . 2010-08-28 15:31 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-433187d9-n\msvcp71.dll
2010-08-28 15:31 . 2010-08-28 15:31 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-433187d9-n\jmc.dll
2010-08-28 15:31 . 2010-08-28 15:31 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-433187d9-n\msvcr71.dll
2010-08-28 15:31 . 2010-08-28 15:31 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a000cb4-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 05:43 . 2010-04-23 16:25 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\BitTorrent
2010-09-08 23:00 . 2009-12-15 07:57 -------- d-----w- c:\program files\Microsoft.NET
2010-09-07 07:10 . 2010-04-21 21:41 -------- d-----w- c:\program files\iTunes
2010-09-07 07:09 . 2010-04-21 21:42 -------- d-----w- c:\program files\iPod
2010-09-07 07:05 . 2010-04-21 21:41 -------- d-----w- c:\program files\QuickTime
2010-09-07 04:00 . 2010-05-16 04:51 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-07 04:00 . 2010-05-16 04:50 -------- d-----w- c:\program files\DivX
2010-09-07 04:00 . 2010-05-16 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-07 04:00 . 2010-08-28 04:52 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-07 04:00 . 2010-08-28 04:50 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-07 04:00 . 2010-05-16 04:51 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-07 04:00 . 2010-05-16 04:51 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-31 06:21 . 2010-07-20 02:42 -------- d-----w- c:\program files\PokerStars
2010-08-31 05:34 . 2010-04-23 15:33 -------- d-----w- c:\program files\BitTorrent
2010-08-28 04:52 . 2010-08-28 04:52 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-28 04:51 . 2010-08-28 04:51 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-28 04:51 . 2010-08-28 04:51 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-28 04:51 . 2010-08-28 04:51 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-23 07:11 . 2010-08-23 07:11 39088 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Fliqlo\saver1.dll
2010-08-23 07:11 . 2010-08-23 07:11 22976 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Fliqlo\saver2.dll
2010-08-23 07:11 . 2010-08-23 07:10 680624 ----a-w- c:\windows\system32\Fliqlo.scr
2010-08-23 07:11 . 2010-08-23 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime
2010-08-16 01:15 . 2010-08-16 01:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 01:03 . 2010-08-04 17:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-15 23:26 . 2010-08-04 17:26 63488 ----a-w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-15 23:26 . 2010-08-04 17:25 117760 ----a-w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-14 01:30 . 2010-08-14 01:29 138 ----a-w- c:\documents and settings\ricky.HOME\Application Data\wklnhst.dat
2010-08-14 01:29 . 2010-08-14 01:29 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\Template
2010-08-13 23:28 . 2009-11-19 07:11 -------- d-----w- c:\program files\Java
2010-08-09 15:17 . 2010-08-09 15:17 503808 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44015de3-n\msvcp71.dll
2010-08-09 15:17 . 2010-08-09 15:17 499712 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44015de3-n\jmc.dll
2010-08-09 15:17 . 2010-08-09 15:17 348160 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44015de3-n\msvcr71.dll
2010-08-09 15:17 . 2010-08-09 15:17 61440 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36bb0829-n\decora-sse.dll
2010-08-09 15:17 . 2010-08-09 15:17 12800 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36bb0829-n\decora-d3d.dll
2010-08-05 17:40 . 2010-08-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-04 17:26 . 2010-08-04 17:26 52224 ----a-w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-04 17:25 . 2010-08-04 17:25 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com
2010-08-04 17:25 . 2010-08-04 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-04 17:25 . 2010-08-04 17:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-04 17:12 . 2009-11-19 07:11 -------- d-----w- c:\program files\TOSHIBA
2010-08-04 04:05 . 2010-08-04 04:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-03 23:31 . 2010-08-03 23:31 -------- d-----w- c:\program files\Trend Micro
2010-08-03 19:38 . 2010-07-31 23:49 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\Azureus
2010-08-01 21:51 . 2010-05-09 00:22 -------- d-----w- c:\program files\Steam
2010-08-01 21:49 . 2010-05-19 00:01 -------- d-----w- c:\program files\X-Moto
2010-07-17 09:00 . 2010-04-24 05:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 15:06 . 2010-04-23 15:06 13 --sh--r- c:\windows\system32\drivers\fbd.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-23_16.21.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-27 14:13 . 2010-09-27 14:13 16384 c:\windows\Temp\Perflib_Perfdata_2ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-23 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 141336]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-12 18782720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-16 1586472]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-10-08 471129]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-10-09 86016]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2009-04-28 90112]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-11-14 873840]
"TDispVol"="TDispVol.exe" [2009-12-15 208896]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-10-09 110592]
"TPSMain"="TPSMain.exe" [2009-09-30 268864]
"Zooming"="ZoomingHook.exe" [2005-06-06 24576]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\ricky.HOME\\Start Menu\\Programs\\Games\\Call of Duty 1\\CoDMP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\rocket knight demo\\RocketKnight_ConfigTool.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard demo\\BeatHazardDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=
"c:\\Documents and Settings\\ricky.HOME\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [6/29/2009 2:25 PM 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [5/11/2009 11:11 PM 6528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/23/2010 2:41 AM 24652]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [4/23/2010 11:07 AM 24064]
R3 PGSUSFLT;PGSUSFLT;c:\windows\system32\drivers\pgsuspend.SYS [12/15/2009 4:29 AM 18816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 3:11 PM 136176]
S2 NIS;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe" /s "NIS" /m "c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/15/2009 4:16 AM 1684736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [12/15/2009 4:16 AM 174592]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [8/4/2010 1:12 PM 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [9/17/2009 7:37 PM 111960]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:11]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:11]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064477378-1622327323-425704490-1006Core.job
- c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-23 15:34]

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064477378-1622327323-425704490-1006UA.job
- c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-23 15:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:job-vwjg6-1743545261@craigslist.org?subject=Earn%20extra%20money!%20(Richmond)&body=%0A%0Ahttp%3A%2F%2Frichmond.craigslist.org%2Fetc%2F1743545261.html%0A
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\
FF - component: c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-27 10:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-27 10:26:48
ComboFix-quarantined-files.txt 2010-09-27 14:26

Pre-Run: 3,082,788,864 bytes free
Post-Run: 3,114,717,184 bytes free

- - End Of File - - A383103534F0BA4A84F66225A41BFCD4

Edited by mpascal, 28 September 2010 - 07:44 AM.


#10 mpascal

Posted 28 September 2010 - 07:45 AM

Hi there,

Don't worry about the Norton warnings. Can you run ComboFix again for me, please?

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.


#11 paganorr

Posted 29 September 2010 - 07:52 PM

Here is the new log from ComboFix:

ComboFix 10-09-29.01 - ricky 09/29/2010 17:26:11.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.590 [GMT -4:00]
Running from: c:\documents and settings\ricky.HOME\Desktop\ComboFix.exe
AV: Norton Internet Security Netbook Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Netbook Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\xp

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 18:47 . 2010-09-29 18:47 -------- d-----w- c:\windows\LastGood
2010-09-28 06:13 . 2010-09-28 06:13 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-22 21:24 . 2010-09-22 21:24 -------- d-----w- C:\_OTL
2010-09-08 23:09 . 2010-09-08 23:13 -------- d-----w- c:\program files\ComicRack
2010-09-08 22:43 . 2010-09-08 22:43 -------- d-----w- c:\documents and settings\ricky.HOME\Local Settings\Application Data\Help
2010-09-07 04:00 . 2010-09-07 04:00 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-07 04:00 . 2010-09-07 04:00 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-04 23:22 . 2010-08-20 01:33 52224 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
2010-09-04 23:22 . 2010-08-20 01:33 101376 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-31 05:54 . 2010-08-31 07:04 -------- d-----r- C:\My Books

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:48 . 2009-11-19 07:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-28 15:59 . 2010-04-23 16:25 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\BitTorrent
2010-09-28 10:20 . 2009-12-15 07:51 -------- d-----w- c:\program files\Microsoft Works
2010-09-28 10:20 . 2009-12-15 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-28 06:30 . 2010-04-21 21:41 -------- d-----w- c:\program files\iTunes
2010-09-28 06:29 . 2010-04-21 21:42 -------- d-----w- c:\program files\iPod
2010-09-28 06:21 . 2010-04-21 21:41 -------- d-----w- c:\program files\QuickTime
2010-09-28 06:15 . 2010-04-21 21:40 -------- d-----w- c:\program files\Bonjour
2010-09-08 23:00 . 2009-12-15 07:57 -------- d-----w- c:\program files\Microsoft.NET
2010-09-07 04:00 . 2010-05-16 04:51 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-07 04:00 . 2010-05-16 04:50 -------- d-----w- c:\program files\DivX
2010-09-07 04:00 . 2010-05-16 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-07 04:00 . 2010-08-28 04:52 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-07 04:00 . 2010-08-28 04:50 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-07 04:00 . 2010-05-16 04:51 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-07 04:00 . 2010-05-16 04:51 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-31 06:21 . 2010-07-20 02:42 -------- d-----w- c:\program files\PokerStars
2010-08-31 05:34 . 2010-04-23 15:33 -------- d-----w- c:\program files\BitTorrent
2010-08-28 15:31 . 2010-08-28 15:31 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a000cb4-n\decora-sse.dll
2010-08-28 15:31 . 2010-08-28 15:31 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-433187d9-n\msvcp71.dll
2010-08-28 15:31 . 2010-08-28 15:31 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-433187d9-n\jmc.dll
2010-08-28 15:31 . 2010-08-28 15:31 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-433187d9-n\msvcr71.dll
2010-08-28 15:31 . 2010-08-28 15:31 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a000cb4-n\decora-d3d.dll
2010-08-28 04:52 . 2010-08-28 04:52 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-28 04:51 . 2010-08-28 04:51 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-28 04:51 . 2010-08-28 04:51 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-28 04:51 . 2010-08-28 04:51 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-23 07:11 . 2010-08-23 07:11 39088 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Fliqlo\saver1.dll
2010-08-23 07:11 . 2010-08-23 07:11 22976 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Fliqlo\saver2.dll
2010-08-23 07:11 . 2010-08-23 07:10 680624 ----a-w- c:\windows\system32\Fliqlo.scr
2010-08-23 07:11 . 2010-08-23 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime
2010-08-17 13:17 . 2009-11-19 21:43 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 01:15 . 2010-08-16 01:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 01:03 . 2010-08-04 17:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-15 23:26 . 2010-08-04 17:26 63488 ----a-w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-15 23:26 . 2010-08-04 17:25 117760 ----a-w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-14 01:30 . 2010-08-14 01:29 138 ----a-w- c:\documents and settings\ricky.HOME\Application Data\wklnhst.dat
2010-08-14 01:29 . 2010-08-14 01:29 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\Template
2010-08-13 23:28 . 2009-11-19 07:11 -------- d-----w- c:\program files\Java
2010-08-09 15:17 . 2010-08-09 15:17 503808 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44015de3-n\msvcp71.dll
2010-08-09 15:17 . 2010-08-09 15:17 499712 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44015de3-n\jmc.dll
2010-08-09 15:17 . 2010-08-09 15:17 348160 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44015de3-n\msvcr71.dll
2010-08-09 15:17 . 2010-08-09 15:17 61440 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36bb0829-n\decora-sse.dll
2010-08-09 15:17 . 2010-08-09 15:17 12800 ----a-w- c:\documents and settings\ricky.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36bb0829-n\decora-d3d.dll
2010-08-05 17:40 . 2010-08-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-04 17:26 . 2010-08-04 17:26 52224 ----a-w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-04 17:25 . 2010-08-04 17:25 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\SUPERAntiSpyware.com
2010-08-04 17:25 . 2010-08-04 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-04 17:25 . 2010-08-04 17:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-04 17:12 . 2009-11-19 07:11 -------- d-----w- c:\program files\TOSHIBA
2010-08-04 04:05 . 2010-08-04 04:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-03 23:31 . 2010-08-03 23:31 -------- d-----w- c:\program files\Trend Micro
2010-08-03 19:38 . 2010-07-31 23:49 -------- d-----w- c:\documents and settings\ricky.HOME\Application Data\Azureus
2010-08-01 21:51 . 2010-05-09 00:22 -------- d-----w- c:\program files\Steam
2010-08-01 21:49 . 2010-05-19 00:01 -------- d-----w- c:\program files\X-Moto
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49 . 2009-11-19 21:43 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-11-19 06:44 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 09:00 . 2010-04-24 05:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 15:06 . 2010-04-23 15:06 13 --sh--r- c:\windows\system32\drivers\fbd.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-23_16.21.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-29 17:47 . 2010-09-29 17:47 16384 c:\windows\Temp\Perflib_Perfdata_35c.dat
+ 2009-11-19 21:44 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2009-11-19 21:44 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2010-06-02 01:48 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2010-06-02 01:48 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-03-08 12:31 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 12:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2009-11-19 21:42 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2009-11-19 21:42 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
- 2009-11-19 21:42 . 2008-04-14 12:00 80384 c:\windows\system32\iccvid.dll
+ 2009-11-19 21:42 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2010-04-23 15:17 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-04-23 15:17 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2010-04-23 15:17 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-04-23 15:17 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 12:33 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 12:33 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-15 07:58 . 2010-06-09 21:32 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-15 07:58 . 2010-09-28 10:20 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-15 07:58 . 2010-09-28 10:20 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-15 07:58 . 2010-06-09 21:32 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-15 07:58 . 2010-06-09 21:32 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-15 07:58 . 2010-09-28 10:20 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-06-09 21:31 . 2010-06-09 21:31 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-09-28 10:11 . 2010-09-28 10:11 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-04 12:29 . 2010-06-04 12:29 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 12:29 . 2010-09-29 18:49 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2009-12-15 07:52 . 2010-05-02 16:49 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2009-12-15 07:52 . 2010-09-28 10:20 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2010-09-28 10:15 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2010-09-28 16:30 . 2010-09-28 16:30 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\dd5ce29ac227f3d0fd81b84621a57477\WindowsLiveWriter.ni.exe
+ 2010-09-28 16:31 . 2010-09-28 16:31 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\67a565eaa748e11f0953953cbdcd4e72\WindowsLive.Writer.Api.ni.dll
+ 2010-09-28 15:04 . 2010-09-28 15:04 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-09-28 10:21 . 2010-09-28 10:21 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-09-28 10:20 . 2010-09-28 10:20 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-09-28 16:29 . 2010-09-28 16:29 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-09-28 10:17 . 2010-09-28 10:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-09-28 10:17 . 2010-09-28 10:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-24 20:51 . 2010-06-24 20:51 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-11-19 21:44 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2009-11-19 21:44 . 2008-04-14 12:00 293376 c:\windows\system32\winsrv.dll
- 2009-11-19 21:44 . 2010-05-06 10:41 916480 c:\windows\system32\wininet.dll
+ 2009-11-19 21:44 . 2010-06-24 12:22 916480 c:\windows\system32\wininet.dll
- 2009-11-19 21:44 . 2008-04-14 12:00 406016 c:\windows\system32\usp10.dll
+ 2009-11-19 21:44 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
+ 2009-11-19 21:43 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2009-11-19 21:43 . 2010-09-28 10:18 535110 c:\windows\system32\perfh009.dat
+ 2009-11-19 21:43 . 2010-09-28 10:18 101568 c:\windows\system32\perfc009.dat
+ 2009-11-19 21:43 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
- 2009-11-19 21:43 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2009-11-19 21:43 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2009-11-19 21:43 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
- 2009-03-08 12:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-03-08 12:32 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll
- 2006-10-19 01:47 . 2006-10-19 01:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-19 01:47 . 2010-03-30 16:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2009-11-19 06:24 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2009-11-19 21:42 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
- 2009-11-19 21:42 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2009-11-19 21:42 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2009-11-19 21:42 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
- 2009-11-19 21:42 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2009-11-19 21:42 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
- 2009-11-18 22:21 . 2010-06-09 21:40 182632 c:\windows\system32\FNTCACHE.DAT
+ 2009-11-18 22:21 . 2010-09-28 14:56 182632 c:\windows\system32\FNTCACHE.DAT
+ 2009-11-19 21:43 . 2010-06-21 15:27 354304 c:\windows\system32\drivers\srv.sys
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
- 2009-03-08 12:34 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 12:34 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2009-11-19 06:39 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2009-11-19 06:43 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-11-19 07:07 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-03-08 12:34 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 12:34 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 12:32 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 12:32 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-04-23 15:17 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2010-04-23 15:17 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-03-30 16:24 . 2010-03-30 16:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2009-11-19 06:35 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-04-23 15:17 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-04-23 15:17 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 12:31 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 12:31 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-09 20:21 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-09 20:21 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 22:09 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 22:09 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 12:32 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 12:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-08-04 19:13 . 2010-08-04 19:13 686080 c:\windows\Installer\1435795.msp
+ 2009-12-15 07:58 . 2010-09-28 10:20 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-12-15 07:58 . 2010-06-09 21:32 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-12-15 07:58 . 2010-06-09 21:32 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-12-15 07:58 . 2010-09-28 10:20 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-12-15 07:58 . 2010-09-28 10:20 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-12-15 07:58 . 2010-06-09 21:32 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-12-15 07:58 . 2010-06-09 21:32 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-12-15 07:58 . 2010-09-28 10:20 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-09-28 06:31 . 2010-09-28 06:31 380928 c:\windows\Installer\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}\iTunesIco.exe
+ 2009-12-15 07:52 . 2010-09-28 10:20 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2009-12-15 07:52 . 2010-05-02 16:49 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
+ 2009-12-15 07:52 . 2010-09-28 10:20 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2009-12-15 07:52 . 2010-05-02 16:49 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2009-12-15 07:52 . 2010-05-02 16:49 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2009-12-15 07:52 . 2010-09-28 10:20 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2007-06-20 21:04 . 2007-06-20 21:04 173408 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F378_WkProof.dll
+ 2007-06-21 21:48 . 2007-06-21 21:48 972128 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20987_wkwpqd.dll
+ 2007-06-20 21:04 . 2007-06-20 21:04 161120 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20985_wkwpqrtf.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-09-28 10:15 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-09-28 10:15 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-09-28 10:15 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-09-28 10:15 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2010-09-28 16:32 . 2010-09-28 16:32 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-09-28 16:31 . 2010-09-28 16:31 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\556ae36dd8238b6157bc1e8a7cccd550\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f06626ccee27150b618f6ff8e4b83dba\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e0e45d40fad4c1b13c93dbd1268410f3\WindowsLive.Writer.Passport.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\df15c0083bdfbbe4b1c7e83034ecd5f6\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c46d84073499887c745801bda334c97f\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b2d5a953edeb3357a489c44f9f9000b2\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8f73472385b353ebd6010d02ad42b2b6\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84c1ee11d86bed17949850c394f4581c\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56faab9a03f8863e76f75d8b6c70185b\WindowsLive.Writer.Localization.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4844cd1fac89240407ab5e2a4fe9c518\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\482300ac4d48e5c77dc319ec489e6bfc\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\436529704b6c85b97f68a5489dc82ab2\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3dce78aa75f081de7ad7cd480e64167a\WindowsLive.Writer.Interop.ni.dll
+ 2010-09-28 16:30 . 2010-09-28 16:30 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1931e1807dc35a71bda7ce8b517c84ef\WindowsLive.Writer.Controls.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\18a657bcf90f1a3340e7e33ea4dad4c9\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\088f2a6fd9107021e9b80ecc5c832334\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4db92179406aa5a642aca6165defa8fe\WindowsLive.Client.ni.dll
+ 2010-09-28 15:04 . 2010-09-28 15:04 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-09-28 15:04 . 2010-09-28 15:04 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-09-28 15:04 . 2010-09-28 15:04 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-09-28 16:30 . 2010-09-28 16:30 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-09-28 16:30 . 2010-09-28 16:30 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-09-28 16:29 . 2010-09-28 16:29 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-09-28 16:29 . 2010-09-28 16:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-09-28 15:03 . 2010-09-28 15:03 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-09-28 16:30 . 2010-09-28 16:30 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-09-28 16:32 . 2010-09-28 16:32 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-09-28 15:01 . 2010-09-28 15:01 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-09-28 15:01 . 2010-09-28 15:01 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-09-28 15:01 . 2010-09-28 15:01 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-09-28 15:01 . 2010-09-28 15:01 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-09-28 16:32 . 2010-09-28 16:32 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-09-28 16:29 . 2010-09-28 16:29 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-09-28 10:17 . 2010-09-28 10:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-09-28 10:17 . 2010-09-28 10:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-24 20:52 . 2010-06-24 20:52 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-24 20:52 . 2010-06-24 20:52 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-09-28 10:17 . 2010-09-28 10:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-11-19 21:44 . 2010-06-23 13:44 1851904 c:\windows\system32\win32k.sys
+ 2009-11-19 21:44 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll
+ 2009-11-19 21:43 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
- 2008-04-14 00:54 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:54 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe
- 2008-04-14 00:01 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe
- 2009-11-19 21:43 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2009-11-19 21:43 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
+ 2009-11-19 21:43 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll
+ 2009-03-08 12:32 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
+ 2009-11-19 07:07 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-08 12:34 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2009-11-19 06:44 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
- 2009-11-19 06:39 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-11-19 06:39 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-11-19 06:39 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-11-19 06:39 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-08 03:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-08 03:02 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-11-19 06:39 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-11-19 06:39 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-11-19 06:41 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2009-11-19 06:41 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-03-08 12:41 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll
- 2010-04-23 15:18 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-04-23 15:18 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-04-23 15:17 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-09-28 06:30 . 2010-09-28 06:30 6333440 c:\windows\Installer\6b53a7.msi
+ 2010-09-28 06:20 . 2010-09-28 06:20 9472000 c:\windows\Installer\6b4b0a.msi
+ 2010-09-28 06:15 . 2010-09-28 06:15 1984000 c:\windows\Installer\6b485a.msi
+ 2010-07-09 21:28 . 2010-07-09 21:28 2151424 c:\windows\Installer\14357a8.msp
+ 2010-07-11 00:14 . 2010-07-11 00:14 2850816 c:\windows\Installer\143576c.msp
+ 2009-12-15 07:58 . 2010-09-28 10:20 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-12-15 07:58 . 2010-06-09 21:32 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-12-15 07:52 . 2010-09-28 10:20 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2009-12-15 07:52 . 2010-05-02 16:49 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
+ 2009-12-15 07:52 . 2010-09-28 10:20 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
- 2009-12-15 07:52 . 2010-05-02 16:49 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2007-06-21 21:44 . 2007-06-21 21:44 2901344 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22194_wksssdb.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-09-28 10:15 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
- 2009-11-19 06:39 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-11-19 06:39 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-11-19 06:39 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-11-19 06:39 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 03:02 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-08 03:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-11-19 06:39 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-11-19 06:39 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-09-28 16:31 . 2010-09-28 16:31 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fe2736628a39e877978af81a9dd31d07\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ba732eb3a84c96e8bf60495395efbfac\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-09-28 16:30 . 2010-09-28 16:30 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\87825e26c8a5fd4e559b5e8d58faec21\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-09-28 10:20 . 2010-09-28 10:20 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-09-28 15:04 . 2010-09-28 15:04 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-09-28 10:19 . 2010-09-28 10:19 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-09-28 15:04 . 2010-09-28 15:04 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-09-28 16:35 . 2010-09-28 16:35 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-09-28 15:03 . 2010-09-28 15:03 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-09-28 16:29 . 2010-09-28 16:29 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-09-28 15:03 . 2010-09-28 15:03 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-09-28 16:29 . 2010-09-28 16:29 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-09-28 15:03 . 2010-09-28 15:03 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-09-28 16:30 . 2010-09-28 16:30 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-09-28 15:02 . 2010-09-28 15:02 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-09-28 16:30 . 2010-09-28 16:30 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll
+ 2010-09-28 15:02 . 2010-09-28 15:02 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\240b4bf536558f872989fb8fbbc9f42f\System.Data.Entity.ni.dll
+ 2010-09-28 15:02 . 2010-09-28 15:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-09-28 15:01 . 2010-09-28 15:01 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-09-28 15:01 . 2010-09-28 15:01 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-09-28 10:20 . 2010-09-28 10:20 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-09-28 16:34 . 2010-09-28 16:34 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-09-28 16:32 . 2010-09-28 16:32 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-24 20:52 . 2010-06-24 20:52 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-24 20:52 . 2010-06-24 20:52 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-09-28 10:17 . 2010-09-28 10:17 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-09-28 10:17 . 2010-09-28 10:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-24 20:51 . 2010-06-24 20:51 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-28 10:17 . 2010-09-28 10:17 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-24 20:52 . 2010-06-24 20:52 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-09-28 10:18 . 2010-09-28 10:18 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-04-23 15:30 . 2010-09-10 18:34 35552200 c:\windows\system32\MRT.exe
+ 2009-03-08 12:39 . 2010-06-24 21:51 11077120 c:\windows\system32\ieframe.dll
+ 2010-04-23 15:17 . 2010-06-24 21:51 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-09-29 18:47 . 2010-09-29 18:47 20303872 c:\windows\Installer\378d59.msp
+ 2010-05-19 17:08 . 2010-05-19 17:08 11408896 c:\windows\Installer\1435784.msp
+ 2010-07-11 00:06 . 2010-07-11 00:06 10120192 c:\windows\Installer\1435764.msp
+ 2010-09-28 10:15 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-09-28 15:03 . 2010-09-28 15:03 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-09-28 16:31 . 2010-09-28 16:31 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-09-28 16:30 . 2010-09-28 16:30 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ef67ec8c2cbadb84db79db3513cd25fa\System.ServiceModel.ni.dll
+ 2010-09-28 15:03 . 2010-09-28 15:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-09-28 15:00 . 2010-09-28 15:00 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-09-28 10:20 . 2010-09-28 10:21 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-09-28 10:19 . 2010-09-28 10:19 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-23 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 141336]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-12 18782720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-16 1586472]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-10-08 471129]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-10-09 86016]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2009-04-28 90112]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-11-14 873840]
"TDispVol"="TDispVol.exe" [2009-12-15 208896]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-10-09 110592]
"TPSMain"="TPSMain.exe" [2009-09-30 268864]
"Zooming"="ZoomingHook.exe" [2005-06-06 24576]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\ricky.HOME\\Start Menu\\Programs\\Games\\Call of Duty 1\\CoDMP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\rocket knight demo\\RocketKnight_ConfigTool.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard demo\\BeatHazardDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=
"c:\\Documents and Settings\\ricky.HOME\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [6/29/2009 2:25 PM 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [5/11/2009 11:11 PM 6528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/23/2010 2:41 AM 24652]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [4/23/2010 11:07 AM 24064]
R3 PGSUSFLT;PGSUSFLT;c:\windows\system32\drivers\pgsuspend.SYS [12/15/2009 4:29 AM 18816]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [9/17/2009 7:37 PM 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 3:11 PM 136176]
S2 NIS;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe" /s "NIS" /m "c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/15/2009 4:16 AM 1684736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [12/15/2009 4:16 AM 174592]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [8/4/2010 1:12 PM 51512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:11]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 19:11]

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064477378-1622327323-425704490-1006Core.job
- c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-23 15:34]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064477378-1622327323-425704490-1006UA.job
- c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-23 15:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:job-vwjg6-1743545261@craigslist.org?subject=Earn%20extra%20money!%20(Richmond)&body=%0A%0Ahttp%3A%2F%2Frichmond.craigslist.org%2Fetc%2F1743545261.html%0A
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\
FF - component: c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ricky.HOME\Application Data\Mozilla\Firefox\Profiles\spwtzl8o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ricky.HOME\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ricky.HOME\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 17:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-09-29 17:36:30
ComboFix-quarantined-files.txt 2010-09-29 21:36

Pre-Run: 1,365,028,864 bytes free
Post-Run: 1,434,587,136 bytes free

- - End Of File - - 33C9F9A68C4C6F3CC6EEB6A8DAD0CC33

Edited by mpascal, 30 September 2010 - 07:35 PM.
opened log


#12 mpascal

Posted 30 September 2010 - 07:37 PM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image




