
Email Hijack & Combofix Log



#1 jjmc


Posted 17 June 2011 - 12:55 PM

Can anyone see evidence in the ComboFix log of resolution of an Email Address Book Hijack?

ComboFix 11-06-16.02 - John McGraw 06/17/2011 7:09.18.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2599 [GMT -7:00]
Running from: D:\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 110617-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-16 18:14 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{232A6408-7005-4727-B3C8-4C09B1B1466C}\mpengine.dll
2011-06-16 12:49 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-11 17:27 . 2011-05-04 11:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-11 17:27 . 2011-05-04 11:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 22:33 . 2011-06-02 22:33 -------- d-----w- c:\documents and settings\John McGraw\Local Settings\Application Data\Citrix
2011-05-27 22:46 . 2011-05-28 04:47 -------- d-----w- c:\documents and settings\John McGraw\Application Data\Brother
2011-05-27 22:44 . 2011-05-27 22:44 -------- d-----w- c:\program files\Common Files\Brother
2011-05-27 22:32 . 2008-08-26 05:26 73728 ----a-r- c:\windows\system32\pt243F.DLL
2011-05-27 22:32 . 2008-07-17 08:43 20480 ----a-r- c:\windows\system32\pt243M.DLL
2011-05-27 22:32 . 2008-07-08 02:06 40960 ----a-r- c:\windows\system32\pt243L.DLL
2011-05-27 22:32 . 2008-07-03 23:51 294912 ----a-r- c:\windows\system32\pt243M.EXE
2011-05-19 13:25 . 2011-06-16 13:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2009-12-01 14:07 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-04 09:25 . 2008-10-13 16:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2008-09-26 23:20 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-02-28 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 04:32 . 2011-04-13 04:32 45 ----a-w- c:\windows\system32\stopSvc.bat
2011-04-13 04:32 . 2011-04-13 04:32 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2010-10-01 20:28 . 2010-10-01 20:28 10351944 ----a-w- c:\program files\winzip145.exe
2009-11-13 22:37 . 2009-11-13 22:37 229888 ----a-w- c:\program files\FolderSize-2.4.msi
2009-08-14 04:36 . 2009-08-14 04:36 11253736 ----a-w- c:\program files\asov2.exe
2009-05-13 18:18 . 2009-05-13 18:18 5520400 ----a-w- c:\program files\WindowsSearch-KB940157-XP-x86-enu.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-20_04.49.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 05:51 . 2011-04-19 05:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 03:17 . 2011-05-14 03:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 08:06 . 2011-05-14 08:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 08:23 . 2011-05-14 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-14 01:37 . 2011-05-14 01:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2011-05-27 22:32 . 2007-01-08 10:27 57344 c:\windows\system32\spool\drivers\w32x86\brotherpt_2430pc5c0c\PTFILO.DLL
+ 2011-05-27 22:32 . 2008-08-27 07:52 48128 c:\windows\system32\spool\drivers\w32x86\brotherpt_2430pc5c0c\pt243V.DLL
+ 2011-05-27 22:32 . 2008-07-22 11:50 98304 c:\windows\system32\spool\drivers\w32x86\brotherpt_2430pc5c0c\pt243UT.EXE
+ 2011-05-27 22:32 . 2008-07-24 10:50 32768 c:\windows\system32\spool\drivers\w32x86\brotherpt_2430pc5c0c\pt243UT.DLL
+ 2011-05-27 22:32 . 2007-01-25 09:29 61440 c:\windows\system32\spool\drivers\w32x86\brotherpt_2430pc5c0c\pt243I3.DLL
+ 2011-05-27 22:32 . 2008-08-26 05:26 73728 c:\windows\system32\spool\drivers\w32x86\brotherpt_2430pc5c0c\pt243F.DLL
+ 2011-05-27 22:32 . 2007-01-08 10:27 57344 c:\windows\system32\spool\drivers\w32x86\3\PTFILO.DLL
+ 2011-05-27 22:32 . 2008-08-27 07:52 48128 c:\windows\system32\spool\drivers\w32x86\3\pt243V.DLL
+ 2011-05-27 22:32 . 2008-07-22 11:50 98304 c:\windows\system32\spool\drivers\w32x86\3\pt243UT.EXE
+ 2011-05-27 22:32 . 2008-07-24 10:50 32768 c:\windows\system32\spool\drivers\w32x86\3\pt243UT.DLL
+ 2011-05-27 22:32 . 2007-01-25 09:29 61440 c:\windows\system32\spool\drivers\w32x86\3\pt243I3.DLL
+ 2011-05-27 22:32 . 2008-08-26 05:26 73728 c:\windows\system32\spool\drivers\w32x86\3\pt243F.DLL
+ 2006-02-28 12:00 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
- 2006-02-28 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
- 2007-08-14 01:54 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 01:54 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
- 2006-02-28 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2011-05-27 22:45 . 2007-01-08 10:27 57344 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\PTFILO.DLL
+ 2011-05-27 22:45 . 2008-08-27 07:52 48128 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243V.DLL
+ 2011-05-27 22:45 . 2008-07-22 11:50 98304 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243UT.EXE
+ 2011-05-27 22:45 . 2008-07-24 10:50 32768 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243UT.DLL
+ 2011-05-27 22:45 . 2008-07-17 08:43 20480 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243M.DLL
+ 2011-05-27 22:45 . 2008-07-08 02:06 40960 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243L.DLL
+ 2011-05-27 22:45 . 2007-01-25 09:29 61440 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243I3.DLL
+ 2011-05-27 22:45 . 2008-08-26 05:26 73728 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243F.DLL
- 2009-06-10 23:19 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-10 23:19 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-08-14 01:54 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-14 01:54 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-09-27 21:27 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-09-27 21:27 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 01:44 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-14 01:44 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-14 01:54 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 01:54 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-01-27 01:45 . 2010-01-27 01:45 61440 c:\windows\system32\AddinPtouch50_Icon.dll
+ 2011-06-04 17:54 . 2011-06-04 17:54 21504 c:\windows\Installer\1172b3f.msi
+ 2011-05-27 23:03 . 2011-05-27 23:03 49152 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut5_4B119EDAEBD24B9F9DA85DC59C33B629.exe
+ 2011-05-27 23:03 . 2011-05-27 23:03 61440 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut41_897A220591CA407D8A3DE8EBD4806E8A.exe
+ 2011-05-27 23:03 . 2011-05-27 23:03 61440 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut4_475DFF90987947DDA7524B0D88E6517C.exe
+ 2011-06-04 12:55 . 2011-06-04 12:55 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-06-04 12:55 . 2011-06-04 12:55 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-04 12:55 . 2011-06-04 12:55 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-04 12:55 . 2011-06-04 12:55 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-04 12:55 . 2011-06-04 12:55 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-04 12:55 . 2011-06-04 12:55 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-04 12:55 . 2011-06-04 12:55 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ARPPRODUCTICON.exe
- 2011-01-26 22:50 . 2011-01-27 20:58 23558 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000001}\ARPPRODUCTICON.exe
+ 2011-01-26 22:50 . 2011-06-02 21:04 23558 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000001}\ARPPRODUCTICON.exe
+ 2010-10-15 03:18 . 2011-06-16 14:12 35088 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-10-15 03:18 . 2011-04-15 04:32 35088 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-10-15 03:18 . 2011-06-16 14:12 18704 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-10-15 03:18 . 2011-04-15 04:32 18704 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-10-15 03:18 . 2011-04-15 04:32 20240 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-10-15 03:18 . 2011-06-16 14:12 20240 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-09-30 00:05 . 2011-06-16 14:14 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-30 00:05 . 2011-04-15 04:38 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-30 00:05 . 2011-04-15 04:38 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-09-30 00:05 . 2011-06-16 14:14 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-09-30 00:05 . 2011-06-16 14:14 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-30 00:05 . 2011-04-15 04:38 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-02 22:00 . 2011-06-02 22:00 65536 c:\windows\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
+ 2011-06-02 22:00 . 2011-06-02 22:00 65536 c:\windows\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
+ 2011-06-02 22:00 . 2011-06-02 22:00 65536 c:\windows\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\ARPPRODUCTICON.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-05-14 08:17 . 2011-05-14 08:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 08:12 . 2011-05-14 08:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 08:11 . 2011-05-14 08:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2011-05-27 22:32 . 2008-08-27 07:52 196608 c:\windows\system32\spool\drivers\w32x86\brotherpt_2430pc5c0c\pt243UI.DLL
+ 2011-05-27 22:32 . 2008-07-22 01:40 118272 c:\windows\system32\spool\drivers\w32x86\brotherpt_2430pc5c0c\pt243R.DLL
+ 2011-05-27 22:32 . 2008-08-27 07:52 196608 c:\windows\system32\spool\drivers\w32x86\3\pt243UI.DLL
+ 2011-05-27 22:32 . 2008-07-22 01:40 118272 c:\windows\system32\spool\drivers\w32x86\3\pt243R.DLL
+ 2006-02-28 12:00 . 2011-06-17 14:10 602012 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2011-04-20 04:48 602012 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2011-06-17 14:10 124988 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2011-04-20 04:48 124988 c:\windows\system32\perfc009.dat
+ 2011-05-17 18:55 . 2002-03-07 07:19 454656 c:\windows\system32\PaintX.dll
+ 2006-02-28 12:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2006-02-28 12:00 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
- 2006-02-28 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
- 2007-08-14 01:54 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2007-08-14 01:54 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
+ 2011-06-16 13:30 . 2011-06-16 13:30 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
+ 2011-06-16 13:30 . 2011-06-16 13:30 321184 c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.dll
+ 2009-11-29 07:29 . 2011-05-04 11:52 157472 c:\windows\system32\javaws.exe
- 2009-11-29 07:29 . 2009-10-11 12:17 145184 c:\windows\system32\javaw.exe
+ 2009-11-29 07:29 . 2011-05-04 11:52 145184 c:\windows\system32\javaw.exe
+ 2009-11-29 07:29 . 2011-05-04 11:52 145184 c:\windows\system32\java.exe
- 2009-11-29 07:29 . 2009-10-11 12:17 145184 c:\windows\system32\java.exe
+ 2011-05-17 18:55 . 2003-07-06 20:07 372736 c:\windows\system32\ijl15.dll
- 2006-02-28 12:00 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
- 2006-02-28 12:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
- 2006-02-28 12:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
+ 2006-02-28 12:00 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
+ 2011-03-03 16:13 . 2011-03-03 16:13 385552 c:\windows\system32\FTBSaver.scr
+ 2008-09-26 16:10 . 2011-06-03 13:04 384816 c:\windows\system32\FNTCACHE.DAT
+ 2011-05-27 22:45 . 2008-08-27 07:52 196608 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243UI.DLL
+ 2011-05-27 22:45 . 2008-07-22 01:40 118272 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243R.DLL
+ 2011-05-27 22:45 . 2008-07-03 23:51 294912 c:\windows\system32\DRVSTORE\pt243v_B5A397B300F0E87550DCAB05CB9D1DEF66EF4C80\pt243M.EXE
- 2006-02-28 12:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2006-02-28 12:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
- 2007-08-14 01:54 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-14 01:54 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-14 01:54 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
- 2007-08-14 01:44 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 01:44 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-14 01:54 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 01:54 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-09-27 21:27 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-09-27 21:27 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 14:55 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-09-27 21:23 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-09-27 21:23 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-06-10 23:19 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-10 23:19 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-14 01:54 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-14 01:54 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-09 13:44 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-09 13:44 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-14 01:39 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 01:39 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 01:39 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-14 01:39 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-06-11 17:27 . 2011-06-11 17:27 203776 c:\windows\Installer\a8390f.msi
+ 2011-06-16 14:11 . 2011-06-16 14:11 223744 c:\windows\Installer\4dfa7d.msi
+ 2011-06-16 14:10 . 2011-06-16 14:10 467456 c:\windows\Installer\4dfa58.msi
+ 2011-05-27 23:03 . 2011-05-27 23:03 110592 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut3_7D90BDC8D55A47DAACAED78580AF12D5.exe
+ 2011-05-27 23:03 . 2011-05-27 23:03 110592 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut2_5FF7E82144C24C158313BE043B12A9E5.exe
+ 2011-05-27 23:03 . 2011-05-27 23:03 110592 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\ARPPRODUCTICON.exe
- 2010-10-15 03:18 . 2011-04-15 04:32 239376 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
+ 2010-10-15 03:18 . 2011-06-16 14:12 239376 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
+ 2010-10-15 03:18 . 2011-06-16 14:12 217864 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\misc.exe
- 2010-10-15 03:18 . 2011-04-15 04:32 217864 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\misc.exe
+ 2008-09-30 00:05 . 2011-06-16 14:14 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-09-30 00:05 . 2011-04-15 04:38 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-09-30 00:05 . 2011-04-15 04:38 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-09-30 00:05 . 2011-06-16 14:14 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-09-30 00:05 . 2011-06-16 14:14 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-30 00:05 . 2011-04-15 04:38 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-30 00:05 . 2011-04-15 04:38 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-09-30 00:05 . 2011-06-16 14:14 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-09-15 02:31 . 2010-09-15 02:31 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-09-15 02:31 . 2011-06-16 14:11 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-06-09 15:09 . 2011-05-11 15:56 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe
- 2010-06-09 15:09 . 2011-04-15 04:37 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2011-06-16 14:09 . 2009-03-08 11:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-06-16 14:09 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-06-16 14:09 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-06-16 14:10 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
+ 2011-06-16 14:10 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
+ 2011-06-16 14:10 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
+ 2011-06-16 14:10 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
+ 2011-06-16 14:10 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
+ 2008-11-12 14:55 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-19 05:51 . 2011-04-19 05:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-05-14 03:04 . 2011-05-14 03:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 03:04 . 2011-05-14 03:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2011-05-27 23:03 . 2011-05-27 23:03 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2006-02-28 12:00 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll
+ 2007-08-14 01:34 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
- 2007-08-14 01:34 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2007-08-14 01:54 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll
+ 2007-08-14 01:54 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll
+ 2008-09-27 21:27 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2008-09-27 21:27 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-06-02 22:00 . 2011-06-02 22:00 2980352 c:\windows\Installer\e24ac7.msi
+ 2011-04-29 19:27 . 2011-04-29 19:27 4158464 c:\windows\Installer\a38d3a.msp
+ 2011-06-04 12:55 . 2011-06-04 12:55 1529344 c:\windows\Installer\534d6.msi
+ 2011-04-29 19:31 . 2011-04-29 19:31 9006080 c:\windows\Installer\4dfaae.msp
+ 2011-04-29 19:28 . 2011-04-29 19:28 1995264 c:\windows\Installer\4dfa8f.msp
+ 2011-05-18 01:28 . 2011-05-18 01:28 6862848 c:\windows\Installer\4dfa74.msp
+ 2011-04-29 19:33 . 2011-04-29 19:33 8173568 c:\windows\Installer\4dfa6a.msp
+ 2011-06-01 23:23 . 2011-06-01 23:23 2283008 c:\windows\Installer\226dc32.msi
+ 2011-05-27 23:03 . 2011-05-27 23:03 1071616 c:\windows\Installer\2213e4b.msi
+ 2011-05-27 22:45 . 2011-05-27 22:45 1404416 c:\windows\Installer\20ff241.msi
- 2008-09-30 00:05 . 2011-04-15 04:38 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-09-30 00:05 . 2011-06-16 14:14 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 19:49 . 2010-11-10 19:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 19:49 . 2010-11-10 19:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-06-16 14:10 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
+ 2008-09-27 21:26 . 2011-06-16 14:12 47716296 c:\windows\system32\MRT.exe
+ 2007-08-14 01:54 . 2011-04-26 17:11 11081728 c:\windows\system32\ieframe.dll
+ 2008-09-27 21:27 . 2011-04-26 17:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\226dc33.msp
+ 2010-11-10 19:49 . 2010-11-10 19:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
+ 2011-06-16 14:10 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="d:\program files\RoboTaskBarIcon.exe" [2010-10-29 160328]
"RDReminder"="c:\program files\RegClean Pro\RegCleanPro.exe" [2010-12-28 1328512]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-30 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-30 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-30 86016]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-05-09 23040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="d:\program files\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Family Tree Builder Update"="d:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2010-10-31 226832]
"Adobe Reader Speed Launcher"="d:\program files\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"RoboForm"="d:\program files\RoboTaskBarIcon.exe" [2010-10-29 160328]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
ACT! Speed Loader.lnk - d:\program files\ACTLDR.EXE [2009-11-2 34816]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-17 113664]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ------w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
backup=c:\windows\pss\SideACT!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John McGraw^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-11-06 11:42 50472 ------w- c:\program files\AOL 9.1\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- d:\program files\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-10-29 14:00 160328 ----a-w- d:\program files\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouSendIt.exe]
2010-01-27 22:28 82432 ----a-w- c:\program files\YouSendIt\Express\YouSendIt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"d:\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\VectorWorks 12.5.1\\VectorWorks.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Program Files\\WiselinkPro.exe"=
"d:\\Program Files\\http_ss_win_pro.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"d:\\Program Files\\graphite.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/3/2010 10:43 AM 114768]
S1 MpKslf76c0567;MpKslf76c0567;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83CF99F5-F2DB-41A2-B9E8-F23BE6AE8CEC}\MpKslf76c0567.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83CF99F5-F2DB-41A2-B9E8-F23BE6AE8CEC}\MpKslf76c0567.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/3/2010 10:43 AM 20560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2009 1:19 PM 133104]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [3/24/2011 10:21 AM 143360]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [5/14/2009 9:01 AM 4440064]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
S3 AllShare;SAMSUNG AllShare Service;d:\program files\WiselinkPro.exe [3/12/2010 3:25 PM 9421312]
S3 AZAYYT;AZAYYT;c:\docume~1\JOHNMC~1\LOCALS~1\Temp\AZAYYT.exe --> c:\docume~1\JOHNMC~1\LOCALS~1\Temp\AZAYYT.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1/9/2010 1:03 PM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 4:15 PM 191488]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 4:15 PM 191488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 4:14 PM 1360896]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 4:14 PM 1360896]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 4:15 PM 67072]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 4:15 PM 67072]
S3 DSQUYEOUV;DSQUYEOUV;c:\docume~1\JOHNMC~1\LOCALS~1\Temp\DSQUYEOUV.exe --> c:\docume~1\JOHNMC~1\LOCALS~1\Temp\DSQUYEOUV.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 FGX;FGX;c:\docume~1\JOHNMC~1\LOCALS~1\Temp\FGX.exe --> c:\docume~1\JOHNMC~1\LOCALS~1\Temp\FGX.exe [?]
S3 FKFDDU;FKFDDU;c:\docume~1\JOHNMC~1\LOCALS~1\Temp\FKFDDU.exe --> c:\docume~1\JOHNMC~1\LOCALS~1\Temp\FKFDDU.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2009 1:19 PM 133104]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [1/25/2005 2:26 PM 212736]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\24E.tmp --> c:\windows\system32\24E.tmp [?]
S3 NRGE;NRGE;c:\docume~1\JOHNMC~1\LOCALS~1\Temp\NRGE.exe --> c:\docume~1\JOHNMC~1\LOCALS~1\Temp\NRGE.exe [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 SIWIO;SIW low-level I/O driver;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S3 YAB;YAB;c:\docume~1\JOHNMC~1\LOCALS~1\Temp\YAB.exe --> c:\docume~1\JOHNMC~1\LOCALS~1\Temp\YAB.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 20:19]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 20:19]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-879983540-682003330-1003Core1cb6c6d4086c400.job
- c:\documents and settings\John McGraw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 15:24]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-879983540-682003330-1003UA.job
- c:\documents and settings\John McGraw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 15:24]
.
2011-06-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
2011-06-16 c:\windows\Tasks\User_Feed_Synchronization-{751DF132-20F5-4EA3-AF59-91E7E3C2DB01}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: RoboForm Toolbar - file://d:\program files\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} - hxxp://www.catalogds.com/dtd/pvcadview.cab
FF - ProfilePath - c:\documents and settings\John McGraw\Application Data\Mozilla\Firefox\Profiles\snyuzr12.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - d:\program files\Firefox
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 07:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\24E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,7f,1c,32,78,74,d3,42,bb,7d,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,7f,1c,32,78,74,d3,42,bb,7d,c3,\
.
[HKEY_USERS\S-1-5-21-823518204-879983540-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-823518204-879983540-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{82AEC1C3-B9D8-09D8-F3B5-D82C3F883656}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaolkcejffbjcojbpc"=hex:6a,61,63,62,6e,6c,66,61,69,66,64,6d,6c,6e,70,63,69,6f,
69,6c,00,00
"haipabhcclppomjd"=hex:6b,61,66,62,66,6e,6c,70,6c,66,65,68,64,6f,68,68,6b,65,
64,6b,69,6b,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(336)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-17 07:13:33
ComboFix-quarantined-files.txt 2011-06-17 14:13
ComboFix2.txt 2011-04-20 04:51
ComboFix3.txt 2011-02-16 19:49
ComboFix4.txt 2010-12-15 22:34
ComboFix5.txt 2011-06-17 14:08
.
Pre-Run: 5,608,652,800 bytes free
Post-Run: 5,680,599,040 bytes free
.
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2A2EE928C47CEFB668F5BF9E079D13F2

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:10:56 PM

Posted 26 June 2011 - 09:08 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.






