AV Security Suite Infection



#1 naeyoder79

Posted 05 September 2010 - 12:13 PM

Ok, my computer was infested with the AV Security Suite. I followed the forum's instructions for removal - booted to safe mode, ran rkill, installed Malwarebytes, and removed 5 objects. Computer no longer had the pop ups and error messages, but some programs would still not work and internet browser was very slow to load. So I ran the tdsskiller as instructed to search for any rootkits that may have been installed. It found none, but I am still having problems. Was unable to run Backup & Restore, burn files to disk, etc. Ran DDS and Gmer - note Gmer would not allow me to check the boxes "System, Sections, Devices, Modules, Processes, Threads or Library". However, I was able to ensure that the three boxes that should not be checked were indeed not checked. DDS txt below and Attach.txt and Ark.txt attached.


DDS (Ver_10-03-17.01) - NTFSX64 NETWORK
Run by Renae at 9:17:51.58 on Sun 09/05/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.5110 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Renae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T42ILADC\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081110
uWindow Title = Windows Internet Explorer provided by Live Nation
uSearch Bar =
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081110
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\common files\mcafee\systemcore\ScriptSn.20100812221814.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\googletoolbar1.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files (x86)\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn2\yt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [cdloader] "c:\users\renae\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Logitech Vid HD] "c:\program files (x86)\logitech\logitech vid\vid.exe" -bootmode
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PeachtreePrefetcher.exe] "c:\progra~2\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
mRun: [YSearchProtection] "c:\program files (x86)\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\renae\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files (x86)\winzip\WZQKPICK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
Trusted Zone: vetsecure.com\www
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.kleinfelder.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100812221814.dll
BHO-X64: scriptproxy - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun-x64: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun-x64: [(Default)]
mRun-x64: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun-x64: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-12 528616]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-11-9 55024]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-12 75288]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-12 279752]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-12 355440]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-12 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-12 148520]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-12 440688]
S2 0106991283618761mcinstcleanup;McAfee Application Installer Cleanup (0106991283618761);c:\windows\temp\010699~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\010699~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-8-22 214016]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-12 355440]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-12 355440]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-12 199032]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe [2007-9-5 455968]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-3 1153368]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-12 62416]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-12 189880]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-12 93840]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\drivers\OA002Afx.sys [2007-6-8 219544]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\drivers\OA002Ufd.sys [2008-6-3 168864]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\drivers\OA002Vid.sys [2008-8-1 306560]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-4-4 19544]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-7 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-05 16:16:55 0 ----a-w- c:\users\renae\defogger_reenable
2010-09-04 22:39:12 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-09-04 15:27:26 0 d-sh--w- c:\windows\syswow64\%APPDATA%
2010-09-04 01:22:50 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-04 01:22:50 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-04 01:15:41 0 dc----w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-03 23:11:13 0 d-----w- c:\users\renae\appdata\roaming\Malwarebytes
2010-09-03 23:11:04 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-03 23:11:04 0 d-----w- c:\programdata\Malwarebytes
2010-09-03 23:11:04 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-24 13:50:35 0 d-----w- c:\programdata\magicJack
2010-08-13 05:18:20 0 d-----w- c:\program files\McAfee.com
2010-08-13 05:18:14 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-13 05:18:06 93840 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-13 05:18:06 75288 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-13 05:18:06 62416 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-13 05:18:06 528616 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-13 05:18:06 440688 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-13 05:18:06 279752 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-13 05:18:06 189880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-13 05:18:06 121504 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-12 17:31:10 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 17:31:08 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 17:31:08 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 17:31:07 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 17:31:05 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 17:31:05 36864 ----a-w- c:\windows\syswow64\rtutils.dll

==================== Find3M ====================

2010-08-13 05:18:16 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-13 05:18:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-13 05:18:16 143360 ----a-w- c:\windows\inf\infstor.dat
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-18 04:47:30 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:38:10 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 18:00:36 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-18 14:55:46 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-12 14:29:04 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-12 05:27:05 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-11-12 05:27:05 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-11-12 05:27:05 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-11-12 05:27:05 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-22 15:13:22 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-16 14:07:11 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-11-10 03:21:21 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 9:20:21.16 ===============


#2 naeyoder79

Posted 07 September 2010 - 08:45 PM

Problem solved - no need to respond, but thanks for the forum and to all the volunteers!

#3 Budapest

Posted 07 September 2010 - 10:06 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



