dnserror.htm - program too big to fit in memory


32 replies to this topic

#1 gnagda

gnagda

  • Members
  • 22 posts

Posted 15 September 2010 - 12:00 PM

Hello,
I have the problem stated below; someone please help me out.

Problem Statement:

1. Windows XP startup is getting slow, to a painfully sluggish level. Opera was my favored browser, which went down first: no site working, Windows uninstaller stopped working, removed Opera physically. Now with IE, slowness is increasing gradually.
2. While printing any page, a “dos” window appears for a split second "Program too big to fit in memory" and closes soon after that, however printing takes place.
3. When I try to open any (not all) link in my IE browser, it says "Navigation Canceled" and "Internet Explorer cannot display webpage", and the display in the URL area is "res://C:\windows\system32\shdoclc.dll/dnserror.htm". This happens more often while on any secure site.

Remedial measures attempted:
-About 6 months ago, when startup was getting slow, ComboFix was run, some files were quarantined and a console startup was created. Things were fine for some time.
-I use avast antivirus and CCleaner and do not use Norton AV. A fresh ComboFix was downloaded and run with no result. No result with SpyBot and Malwarebytes either, while SAS detected 4 Adware.Tracking Cookie.

The problem persists.
Please Help,
Thanks.

Below is a copy of the DDS log; the GMER log (Ark.txt) and SAS log (.txt) are attached.

DDS (Ver_10-03-17.01) - NTFSx86
Run by ANALAB at 18:03:27.70 on Wed 09/15/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2036.1631 [GMT 5.5:30]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\ANALAB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rediff.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - c:\program files\logia\esnipsdownloader\eSnipsBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {90222687-F593-4738-B738-FBEE9C7B26DF} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRunOnce: [Magnify] Magnify.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} - hxxp://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-23 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-7 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]
S2 Sentry;Sentry;c:\windows\system32\drivers\sentry.sys [2010-1-24 9180]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-16 1691480]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

=============== Created Last 30 ================

2010-09-15 12:24:25 0 ----a-w- c:\documents and settings\analab\defogger_reenable
2010-09-15 06:41:16 0 d-----w- c:\docume~1\analab\applic~1\SUPERAntiSpyware.com
2010-09-15 06:41:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-15 06:40:49 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-12 17:12:40 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-12 17:12:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-09-01 13:10:14 164144 ----a-w- c:\windows\system32\COMCT232.OCX
2010-08-30 12:48:12 0 d-----w- c:\program files\Logia
2010-08-30 12:48:12 0 d-----w- c:\docume~1\analab\applic~1\Logia
2010-08-30 05:20:59 0 d-----w- c:\program files\Ethalone
2010-08-30 05:16:12 0 d-----w- c:\docume~1\analab\applic~1\Philipp Winterberg
2010-08-30 05:16:00 0 d-----w- c:\program files\Free RAR Extract Frog

==================== Find3M ====================

2010-09-15 10:46:33 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-15 10:46:31 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 18:03:51.39 ===============

Edited by hamluis, 15 September 2010 - 12:02 PM.
Moved from XP forum to Malware Removal Logs ~ Hamluis.



#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 22 September 2010 - 05:49 PM

Hi gnagda,

Your post is a few days old. If you still need help simply post back.

How Can I Reduce My Risk to Malware?


#3 gnagda

gnagda
  • Topic Starter

  • Members
  • 22 posts

Posted 25 September 2010 - 08:48 PM

Thanks.
The problem remains; below is a recent DDS log. Ark.txt and SAS.txt are attached.
Appreciate your time, please help.



DDS (Ver_10-03-17.01) - NTFSx86
Run by ANALAB at 21:29:06.84 on Sat 09/25/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2036.1569 [GMT 5.5:30]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ANALAB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rediff.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - c:\program files\logia\esnipsdownloader\eSnipsBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {90222687-F593-4738-B738-FBEE9C7B26DF} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRunOnce: [Magnify] Magnify.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} - hxxp://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-7 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]
S2 Sentry;Sentry;c:\windows\system32\drivers\sentry.sys [2010-1-24 9180]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-16 1691480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-09-25 15:56:23 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-25 15:56:21 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 21:29:33.04 ===============


#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 25 September 2010 - 09:14 PM

You can try resetting IE back to its defaults, see link.






#5 gnagda

gnagda
  • Topic Starter

  • Members
  • 22 posts

Posted 26 September 2010 - 10:49 AM

Resetting of IE6 done.
Problem remains the same.

DDS log after resetting IE6 follows:


DDS (Ver_10-03-17.01) - NTFSx86
Run by ANALAB at 21:12:01.50 on Sun 09/26/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2036.1558 [GMT 5.5:30]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ANALAB\Desktop\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - c:\program files\logia\esnipsdownloader\eSnipsBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {90222687-F593-4738-B738-FBEE9C7B26DF} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRunOnce: [Magnify] Magnify.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} - hxxp://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-7 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]
S2 Sentry;Sentry;c:\windows\system32\drivers\sentry.sys [2010-1-24 9180]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-16 1691480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

=============== Created Last 30 ================

2010-09-26 15:12:14 0 d-----w- C:\xml-menu
2010-09-22 15:48:36 0 d-sh--w- C:\found.001
2010-09-22 12:09:08 23392 ----a-w- c:\windows\system32\nscompat.tlb
2010-09-22 12:09:08 16832 ----a-w- c:\windows\system32\amcompat.tlb
2010-09-22 11:24:21 0 d-----w- c:\program files\Microsoft SQL Server
2010-09-22 11:12:40 0 d-----w- c:\windows\SHELLNEW
2010-09-18 11:43:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-18 11:43:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 05:40:22 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 12:24:25 0 ----a-w- c:\documents and settings\analab\defogger_reenable
2010-09-15 06:41:16 0 d-----w- c:\docume~1\analab\applic~1\SUPERAntiSpyware.com
2010-09-15 06:41:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-15 06:40:49 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-12 17:12:40 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-12 17:12:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-09-01 13:10:14 164144 ----a-w- c:\windows\system32\COMCT232.OCX
2010-08-30 12:48:12 0 d-----w- c:\program files\Logia
2010-08-30 12:48:12 0 d-----w- c:\docume~1\analab\applic~1\Logia
2010-08-30 05:20:59 0 d-----w- c:\program files\Ethalone
2010-08-30 05:16:12 0 d-----w- c:\docume~1\analab\applic~1\Philipp Winterberg
2010-08-30 05:16:00 0 d-----w- c:\program files\Free RAR Extract Frog

==================== Find3M ====================

2010-09-26 15:23:28 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-26 15:23:27 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 21:12:15.56 ===============


#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 26 September 2010 - 04:08 PM

See if these two fixes do anything:

fix one

fix two



#7 gnagda

gnagda
  • Topic Starter

  • Members
  • 22 posts

Posted 27 September 2010 - 12:41 AM

Many thanks for your valuable time; however, both options didn't work. Problem remains.

#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 27 September 2010 - 04:38 PM

Please post a traditional HJT log:

Download HiJackThis log - Trend Micro HijackThis 2.0.4

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

* Save HJTInstall.exe to your desktop.
* Double-click on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis .
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch HijackThis.
* Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
* Click on "Edit > Select All", then click on "Edit > Copy" and paste the entire contents of the log in your next reply.



#9 gnagda

gnagda
  • Topic Starter

  • Members
  • 22 posts

Posted 28 September 2010 - 12:06 AM

Thanks, HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:24 AM, on 9/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\ANALAB\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.rediff.com/cgi-bin/login.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} - http://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

--
End of file - 4290 bytes


#10 gnagda

gnagda
  • Topic Starter

  • Members
  • 22 posts

Posted 28 September 2010 - 12:14 AM

PS. Now I have started getting "\windows\system32\SensApi.dll is not a valid window image" as error message in DOS window.

#11 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 28 September 2010 - 04:23 PM

Well, the good news is I don't see any malware and everything you have run is coming up clean. You have reset IE 6.0 back to its defaults.
Have you thought about going with IE 8.0?




#12 gnagda

gnagda
  • Topic Starter

  • Members
  • 22 posts

Posted 28 September 2010 - 11:09 PM

Thanks very much for your time and efforts.
Are the error messages I am getting harmless?
How can they be stopped?
Will go for IE8.
Thanks again.

#13 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 29 September 2010 - 03:39 PM

The errors don't seem to be malware related. Several apps you have run are coming up clean. Do you have Windows Update turned on, or have you been to Windows Update lately?
Are you getting anything like page redirects when you're on the internet? We can get another look for malware using ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the ComboFix log in your reply:

Guide to using Combofix



#14 gnagda

gnagda
  • Topic Starter

  • Members
  • 22 posts

Posted 30 September 2010 - 02:07 AM

While running ComboFix, a warning appeared: "real time scanner: Norton Internet Security" is running; however, I have no Norton AV.
Also, while the scan was on, a warning appeared: "PEV.cfxxe-Bad Image: c:\windows\system32\SensApi.dll is not a valid windows image"
The same warning reappeared when ComboFix was preparing the log report.

The ComboFix report follows:

ComboFix 10-09-29.03 - ANALAB 09/30/2010 12:19:19.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2036.1528 [GMT 5.5:30]
Running from: c:\documents and settings\ANALAB\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-29 16:03 . 2010-09-29 16:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-26 15:12 . 2010-09-29 16:02 -------- d-----w- C:\xml-menu
2010-09-22 15:48 . 2010-09-22 15:48 -------- d-----w- C:\found.001
2010-09-22 12:15 . 2010-09-22 12:15 -------- d-----w- c:\documents and settings\ANALAB\Application Data\CyberLink
2010-09-22 11:24 . 2010-09-22 11:24 -------- d-----w- c:\program files\Microsoft SQL Server
2010-09-22 11:18 . 2010-09-22 11:18 -------- d-----w- c:\program files\Microsoft Works
2010-09-22 11:12 . 2010-09-22 11:17 -------- d-----w- c:\windows\SHELLNEW
2010-09-22 11:12 . 2010-09-22 11:12 -------- d-----w- c:\documents and settings\ANALAB\Local Settings\Application Data\Microsoft Help
2010-09-22 11:11 . 2010-09-22 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-22 11:09 . 2010-09-22 11:09 -------- d-----r- C:\MSOCache
2010-09-18 11:43 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-18 11:43 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 05:40 . 2010-09-17 05:40 503808 ----a-w- c:\documents and settings\ANALAB\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32efe8a6-n\msvcp71.dll
2010-09-17 05:40 . 2010-09-17 05:40 499712 ----a-w- c:\documents and settings\ANALAB\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32efe8a6-n\jmc.dll
2010-09-17 05:40 . 2010-09-17 05:40 348160 ----a-w- c:\documents and settings\ANALAB\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32efe8a6-n\msvcr71.dll
2010-09-17 05:40 . 2010-09-17 05:40 -------- d-----w- c:\program files\Common Files\Java
2010-09-17 05:40 . 2010-09-17 05:40 61440 ----a-w- c:\documents and settings\ANALAB\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22e77ddf-n\decora-sse.dll
2010-09-17 05:40 . 2010-09-17 05:40 12800 ----a-w- c:\documents and settings\ANALAB\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22e77ddf-n\decora-d3d.dll
2010-09-17 05:40 . 2010-07-16 23:30 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:05 . 2010-09-25 17:56 63488 ----a-w- c:\documents and settings\ANALAB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-15 07:05 . 2010-09-15 07:05 52224 ----a-w- c:\documents and settings\ANALAB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-15 07:05 . 2010-09-25 17:56 117760 ----a-w- c:\documents and settings\ANALAB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-15 06:41 . 2010-09-15 06:41 -------- d-----w- c:\documents and settings\ANALAB\Application Data\SUPERAntiSpyware.com
2010-09-15 06:41 . 2010-09-15 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-15 06:40 . 2010-09-15 16:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-12 17:12 . 2010-09-29 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-12 17:12 . 2010-09-12 17:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 04:00 . 2010-01-08 13:25 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-30 04:00 . 2010-01-08 13:25 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-09-29 16:00 . 2010-09-29 16:00 -------- d-----w- c:\program files\BSNL SelfSupport
2010-09-29 16:00 . 2010-09-29 16:00 -------- d-----w- c:\program files\Free Medical Dictionary
2010-09-29 16:00 . 2010-09-29 16:00 -------- d-----w- c:\program files\Rising
2010-09-29 16:00 . 2010-09-29 16:00 -------- d-----w- c:\program files\Skype
2010-09-29 16:00 . 2010-09-29 16:00 -------- d-----w- c:\program files\Panda Security
2010-09-29 16:00 . 2010-09-29 16:00 -------- d-----w- c:\program files\Logia
2010-09-29 16:00 . 2010-09-29 16:00 -------- d-----w- c:\program files\Golden K star
2010-09-29 16:00 . 2010-09-29 16:00 -------- d-----w- c:\program files\Ethalone
2010-09-29 16:00 . 2010-09-29 16:00 -------- d-----w- c:\program files\Driver-Soft
2010-09-27 16:28 . 2010-08-30 12:48 -------- d-----w- c:\documents and settings\ANALAB\Application Data\Logia
2010-09-27 16:21 . 2010-03-24 15:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-09-22 12:18 . 2010-01-04 07:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-22 12:18 . 2010-01-04 08:08 -------- d-----w- c:\program files\CyberLink
2010-09-22 12:17 . 2010-01-04 07:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-22 12:05 . 2010-02-01 12:48 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-22 11:25 . 2010-02-10 11:49 -------- d-----w- c:\program files\QuickTime
2010-09-22 11:22 . 2010-01-04 07:18 118384 ----a-w- c:\documents and settings\ANALAB\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-18 11:43 . 2010-03-24 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 05:40 . 2010-01-08 17:31 -------- d-----w- c:\program files\Java
2010-09-12 16:45 . 2010-03-24 16:28 -------- d-----w- c:\program files\a-squared Free
2010-09-12 06:29 . 2010-07-12 12:24 -------- d-----w- c:\program files\CCleaner
2010-09-07 16:13 . 2010-01-04 08:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-07 15:12 . 2010-07-01 07:25 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-01-07 14:41 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-01-07 14:41 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-01-07 14:41 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-01-07 14:41 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-01-07 14:41 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-01-07 14:41 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-01-07 14:41 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-01-07 14:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-30 05:45 . 2010-08-30 05:16 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-08-30 05:16 . 2010-08-30 05:16 -------- d-----w- c:\documents and settings\ANALAB\Application Data\Philipp Winterberg
2010-07-25 04:25 . 2010-07-25 04:25 2829 ----a-w- c:\documents and settings\ANALAB\Application Data\Microsoft\Internet Explorer\Quick Launch\WS.pif
.

((((((((((((((((((((((((((((( SnapShot_2010-09-12_06.10.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 08:10 . 2006-10-26 08:10 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-07-24 05:20 . 2006-07-24 05:20 47920 c:\windows\system32\VBAME.DLL
+ 2010-09-22 11:53 . 2006-09-25 12:28 14640 c:\windows\system32\spmsg.dll
+ 2006-10-26 08:40 . 2006-10-26 08:40 33088 c:\windows\system32\FM20ENU.DLL
+ 2010-09-22 10:54 . 2008-07-25 05:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Web.RegularExpressions.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Drawing.Design.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Configuration.Install.dll
+ 2010-09-22 10:55 . 2008-07-25 05:46 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-09-22 10:54 . 2008-07-25 05:46 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.Vsa.dll
+ 2010-09-22 10:55 . 2008-07-25 05:46 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.VisualBasic.Vsa.dll
+ 2010-09-22 10:55 . 2008-07-25 05:46 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.Build.Utilities.dll
+ 2010-09-22 10:55 . 2008-07-25 05:46 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.Build.Framework.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\ISymWrapper.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\IEHost.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\CustomMarshalers.dll
+ 2010-09-22 10:54 . 2008-07-25 05:46 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\cscompmgd.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Accessibility.dll
+ 2010-09-22 11:13 . 2010-09-22 11:13 48128 c:\windows\Installer\4e83a.msi
+ 2010-09-22 11:19 . 2010-09-22 11:19 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-09-22 11:19 . 2010-09-22 11:19 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-09-22 11:19 . 2010-09-22 11:19 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-09-22 11:19 . 2010-09-22 11:19 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2010-09-22 11:18 . 2010-09-22 11:18 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2010-09-22 11:17 . 2010-09-22 11:17 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2010-09-22 10:54 . 2008-07-25 05:46 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft_VsaVb.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.VisualC.Dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\IIEHost.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\IEExecRemote.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2006-10-26 08:15 . 2006-10-26 08:15 293376 c:\windows\system32\WISPTIS.EXE
+ 2010-09-29 15:59 . 2010-09-29 16:04 933636 c:\windows\system32\Restore\rstrlog.dat
+ 2010-09-17 05:40 . 2010-07-16 23:30 153376 c:\windows\system32\javaws.exe
- 2010-01-08 17:32 . 2010-01-08 17:31 145184 c:\windows\system32\javaw.exe
+ 2010-09-17 05:40 . 2010-07-16 23:30 145184 c:\windows\system32\javaw.exe
- 2010-01-08 17:32 . 2010-01-08 17:31 145184 c:\windows\system32\java.exe
+ 2010-09-17 05:40 . 2010-07-16 23:30 145184 c:\windows\system32\java.exe
+ 2006-10-26 08:15 . 2006-10-26 08:15 207360 c:\windows\system32\INKED.DLL
+ 2010-01-04 12:37 . 2010-09-22 11:57 412672 c:\windows\system32\FNTCACHE.DAT
+ 2010-09-22 10:54 . 2008-07-25 05:47 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Web.Services.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Web.Mobile.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Transactions.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.ServiceProcess.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Security.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Runtime.Remoting.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Messaging.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Management.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.EnterpriseServices.Wrapper.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.EnterpriseServices.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Drawing.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.DirectoryServices.Protocols.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.DirectoryServices.dll
+ 2010-09-22 10:55 . 2008-07-25 05:46 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Deployment.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Data.SqlXml.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Data.OracleClient.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.configuration.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\sysglobl.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.VisualBasic.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.VisualBasic.Compatibility.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-22 10:54 . 2008-07-25 05:46 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.JScript.dll
+ 2010-09-22 10:54 . 2008-07-25 05:46 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.Build.Tasks.dll
+ 2010-09-22 10:55 . 2008-07-25 05:46 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\Microsoft.Build.Engine.dll
+ 2010-09-22 10:54 . 2008-07-25 05:46 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\AspNetMMCExt.dll
+ 2010-02-24 18:44 . 2010-02-24 18:44 543232 c:\windows\Installer\79ae6.msp
+ 2010-09-22 11:15 . 2010-09-22 11:15 501248 c:\windows\Installer\4e87c.msi
+ 2010-09-22 11:14 . 2010-09-22 11:14 501248 c:\windows\Installer\4e85c.msi
+ 2010-09-22 11:14 . 2010-09-22 11:14 506880 c:\windows\Installer\4e854.msi
+ 2010-09-22 11:13 . 2010-09-22 11:13 516608 c:\windows\Installer\4e84b.msi
+ 2010-09-22 11:13 . 2010-09-22 11:13 513024 c:\windows\Installer\4e842.msi
+ 2010-09-22 11:12 . 2010-09-22 11:12 501248 c:\windows\Installer\4e816.msi
+ 2010-09-17 05:40 . 2010-09-17 05:40 180224 c:\windows\Installer\225b3a.msi
+ 2010-09-22 11:19 . 2010-09-22 11:19 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-09-22 11:19 . 2010-09-22 11:19 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-09-22 11:19 . 2010-09-22 11:19 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-09-22 11:19 . 2010-09-22 11:19 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-09-22 11:19 . 2010-09-22 11:19 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2010-09-22 11:12 . 2010-09-22 11:12 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2006-07-24 05:20 . 2006-07-24 05:20 125744 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSSTDFMT.DLL
+ 2004-11-17 12:03 . 2004-11-17 12:03 450669 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\FP4AWEC.DLL
+ 2004-11-17 12:03 . 2004-11-17 12:03 589880 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\FP4AUTL.DLL
+ 2009-01-05 10:14 . 2009-01-05 10:14 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2010-09-22 11:20 . 2010-09-22 11:20 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
- 2010-07-03 14:47 . 2010-07-03 14:47 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\5f5d64dd0e7991aaaad2d98ee52afe42\System.Drawing.Design.ni.dll
+ 2010-09-22 10:47 . 2010-09-22 10:47 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\5f5d64dd0e7991aaaad2d98ee52afe42\System.Drawing.Design.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44de75caba2b9711b3d9030a30767f8b\System.DirectoryServices.Protocols.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44de75caba2b9711b3d9030a30767f8b\System.DirectoryServices.Protocols.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 970752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 970752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
+ 2010-09-22 11:18 . 2010-09-22 11:18 838656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 838656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
+ 2010-09-22 11:18 . 2010-09-22 11:18 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
+ 2010-09-22 11:18 . 2010-09-22 11:18 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 08:10 . 2006-10-26 08:10 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 08:40 . 2006-10-26 08:40 1190688 c:\windows\system32\FM20.DLL
+ 2010-09-22 10:55 . 2008-07-25 05:47 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.XML.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Windows.Forms.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 5238784 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Web.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Design.dll
+ 2010-09-22 10:55 . 2008-07-25 05:47 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\System.Data.dll
+ 2010-09-22 10:54 . 2008-07-25 05:47 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC16692\mscorlib.dll
+ 2010-09-22 11:15 . 2010-09-22 11:15 1652736 c:\windows\Installer\4e874.msi
+ 2010-09-22 11:14 . 2010-09-22 11:14 1652736 c:\windows\Installer\4e86c.msi
+ 2010-09-22 11:14 . 2010-09-22 11:14 1652736 c:\windows\Installer\4e864.msi
+ 2010-09-22 11:13 . 2010-09-22 11:13 1640960 c:\windows\Installer\4e82e.msi
+ 2010-09-22 11:13 . 2010-09-22 11:13 2022912 c:\windows\Installer\4e826.msi
+ 2010-09-22 11:12 . 2010-09-22 11:12 1713152 c:\windows\Installer\4e81e.msi
+ 2010-09-22 11:12 . 2010-09-22 11:12 2397184 c:\windows\Installer\4e80e.msi
+ 2010-09-22 11:19 . 2010-09-22 11:19 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-09-22 11:19 . 2010-09-22 11:19 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-09-22 10:46 . 2010-09-22 10:46 7867392 c:\windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
- 2010-07-03 14:46 . 2010-07-03 14:46 7867392 c:\windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
+ 2010-09-22 10:48 . 2010-09-22 10:48 5449728 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
- 2010-07-03 14:48 . 2010-07-03 14:48 5449728 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 1840128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
+ 2010-09-22 11:20 . 2010-09-22 11:20 1840128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
+ 2010-09-22 11:20 . 2010-09-22 11:20 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll
- 2010-07-03 14:47 . 2010-07-03 14:47 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
+ 2010-09-22 10:47 . 2010-09-22 10:47 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
- 2010-07-03 14:46 . 2010-07-03 14:46 6614016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
+ 2010-09-22 10:47 . 2010-09-22 10:47 6614016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 1711104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 1711104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
- 2010-07-04 03:06 . 2010-07-04 03:06 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 12836352 c:\windows\Installer\4e89f.msi
+ 2010-09-12 06:35 . 2010-09-12 06:35 11485184 c:\windows\assembly\temp\CCHX3E56MN\mscorlib.ni.dll
+ 2010-09-22 10:47 . 2010-09-22 10:47 12428800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
- 2010-07-03 14:47 . 2010-07-03 14:47 12428800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
- 2010-07-04 03:07 . 2010-07-04 03:07 11791360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
+ 2010-09-22 11:19 . 2010-09-22 11:19 11791360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
+ 2010-09-22 10:47 . 2010-09-22 10:47 10681344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\204db7071fb26343b0fd3f3d140c0bf8\System.Design.ni.dll
- 2010-07-03 14:47 . 2010-07-03 14:47 10681344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\204db7071fb26343b0fd3f3d140c0bf8\System.Design.ni.dll
+ 2010-09-22 10:46 . 2010-09-22 10:46 11485184 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
- 2010-07-03 14:44 . 2010-07-03 14:44 11485184 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Magnify"="Magnify.exe" [2004-08-03 72704]
"RunNarrator"="Narrator.exe" [2004-08-03 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^License Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\License Manager.lnk
backup=c:\windows\pss\License Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=c:\windows\pss\Lotus QuickStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart 97.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus SuiteStart 97.lnk
backup=c:\windows\pss\Lotus SuiteStart 97.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ANALAB^Start Menu^Programs^Startup^Logicool . Product Registration.lnk]
path=c:\documents and settings\ANALAB\Start Menu\Programs\Startup\Logicool . Product Registration.lnk
backup=c:\windows\pss\Logicool . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ANALAB^Start Menu^Programs^Startup^Lotus SmartSuite 97 Registration.lnk]
path=c:\documents and settings\ANALAB\Start Menu\Programs\Startup\Lotus SmartSuite 97 Registration.lnk
backup=c:\windows\pss\Lotus SmartSuite 97 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ANALAB^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\ANALAB\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ANALAB^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\ANALAB\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-12-08 10:29 64032 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsnlTrayApp]
2010-03-25 13:54 921088 ------w- c:\program files\BSNL SelfSupport\bin\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContactKeeper Birthday reminder]
2005-02-13 05:45 647168 ----a-w- d:\myprog\ContactKeeper\ContactKeeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 15:26 40960 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2006-10-26 14:18 434528 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips_Downloader]
2010-05-24 11:30 1234432 ----a-w- c:\program files\Logia\eSnipsDownloader\eSnips_Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-03-18 04:23 159744 ----a-r- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2002-12-17 06:10 49152 ----a-r- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-11 08:08 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-03-18 04:23 135168 ----a-r- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-02-13 07:32 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 07:36 2195216 ----a-w- c:\program files\Logicool\Qcam\Qcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-04-21 10:11 438359 ----a-w- c:\progra~1\BSNLSE~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotiveReportAgent]
2010-03-25 13:56 202240 ----a-w- c:\program files\Common Files\Motive\McciBootStrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 06:20 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-18 04:23 131072 ----a-r- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-12-08 10:29 18789920 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 06:14 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-12-13 00:50 33792 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"comHost"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"gupdate"=2 (0x2)
"wuauserv"=2 (0x2)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SENS"=2 (0x2)
"SCardSvr"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=2 (0x2)
"AppMgmt"=3 (0x3)
"dmadmin"=3 (0x3)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"a2free"=2 (0x2)
"odserv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/7/2010 8:11 PM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/7/2010 8:11 PM 17744]
S2 Sentry;Sentry;c:\windows\system32\drivers\sentry.sys [1/24/2010 1:07 PM 9180]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/16/2010 8:38 AM 1691480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rediff.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} - hxxp://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 12:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-602162358-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2596)
c:\windows\system32\browselc.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-09-30 12:25:10
ComboFix-quarantined-files.txt 2010-09-30 06:55
ComboFix2.txt 2010-09-12 06:12
ComboFix3.txt 2010-03-27 14:48
ComboFix4.txt 2010-03-25 09:45

Pre-Run: 57,767,342,080 bytes free
Post-Run: 57,917,681,664 bytes free

- - End Of File - - 6CDCD744F39D2FF5CD101A45E325C6DA


#15 gnagda


Posted 30 September 2010 - 02:25 AM

PS:
I have turned off Windows Update.

I do not get page redirects while on the internet.

However, when I visit the secure site of my bank to view my portfolio, a warning appears: "This page contains both secure and non secure items. Do you want to display the non secure items" and the page opens irrespective of clicking Yes or No.
It is fine with all other sites.
This has been occurring since the original problem (dnserror) started.
I don't understand why.




