
Google, Yahoo Redirects in all Browsers


This topic is locked. 45 replies to this topic.

#1 jimbobw (Members, 40 posts)

Posted 21 December 2011 - 08:58 PM

I was instructed by Broni to post here.

We were working on my problem in this post HERE

I have an Attach.txt file but haven't been instructed to attach it yet.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_30
Run by Hal at 18:44:10 on 2011-12-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4029.1908 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: C:\Users\Hal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{833973F6-DA2C-4477-8F6F-8916708ECA7A} : DhcpNameServer = 68.87.72.134 68.87.77.134
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hal\AppData\Roaming\Mozilla\Firefox\Profiles\ujq2tf57.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&rlz=1V2IPYX&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Hal\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hal\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Hal\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\system32\C2MP\npdivx32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-2 2152152]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-14 222528]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2011-8-31 20792]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]
R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-8-31 181480]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2011-8-31 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-8-6 239648]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-7 17152]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-22 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-22 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-22 00:30:20 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8A72ADE-2D3F-49A7-A211-CBA9C05FD515}\offreg.dll
2011-12-21 07:00:17 -------- d-----w- C:\Users\Hal\AppData\Local\Apple Computer
2011-12-20 07:57:30 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8A72ADE-2D3F-49A7-A211-CBA9C05FD515}\mpengine.dll
2011-12-18 13:57:28 -------- d-----w- C:\Users\Hal\AppData\Local\Adobe
2011-12-18 10:27:48 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-16 21:59:50 -------- d-----w- C:\Users\Hal\AppData\Local\adaware
2011-12-16 21:11:50 -------- d-s---w- C:\ComboFix
2011-12-14 00:23:54 -------- d-----w- C:\$RECYCLE.BIN
2011-12-13 23:28:56 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-13 23:28:56 256000 ----a-w- C:\Windows\PEV.exe
2011-12-13 23:28:56 208896 ----a-w- C:\Windows\MBR.exe
2011-12-13 23:28:55 98816 ----a-w- C:\Windows\sed.exe
2011-12-13 11:55:52 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-12-13 11:55:48 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-12-12 23:15:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-11 12:28:29 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-12-07 22:24:24 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2011-12-07 22:24:18 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2011-12-07 22:23:12 -------- d-----w- C:\Program Files (x86)\adawaretb
2011-12-07 22:22:58 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-12-07 22:22:40 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-12-04 11:04:51 23864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-12-04 11:04:43 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-12-04 11:04:43 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
.
==================== Find3M ====================
.
2011-12-17 19:33:03 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-10 11:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-03 06:55:13 1147392 ----a-w- C:\Windows\System32\wininet.dll
2011-11-03 06:50:15 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-03 06:49:54 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-03 06:49:36 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-11-03 06:49:36 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-11-03 06:22:04 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-11-03 05:54:27 479232 ----a-w- C:\Windows\System32\html.iec
2011-11-03 05:22:43 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-03 05:11:55 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-11-03 05:10:39 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 04:45:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-14 17:30:05 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-14 16:02:19 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 19:00:30.00 ===============
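When the complaint is search-engine redirects in every browser, the first things a helper checks in a DDS log like the one above are the resolvers, the proxy settings, where the autostart entries load from, and which add-on registrations point at no file. As an added example, not code from this post or from the DDS tool, the Python script below runs those checks over entries copied from this log plus two constructed lines; the set of expected DNS servers is an assumption taken from the DHCP lease shown in the log.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example: this is not code from the forum post, from BleepingComputer or
from the DDS tool. It walks entry lines in the format DDS prints and flags what
a helper looks at first when a user reports search redirects in every browser:
DNS servers that differ from the ones expected on that network (a DNS hijack
shows up here), proxy / auto-config settings, autostart entries that load from
user-writable locations, and orphaned add-on registrations ("No File").
Every "review" finding needs a human decision; "info" is context only.
"""
import re
from dataclasses import dataclass

# Entries copied from the DDS log in post #1, plus two CONSTRUCTED lines (the
# ProxyServer setting and the 192.0.2.53 resolver) so the DNS and proxy rules
# have something to flag. 192.0.2.0/24 is a documentation range, not a real host.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.0.2.10:8080
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\Users\Hal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{833973F6-DA2C-4477-8F6F-8916708ECA7A} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{CONSTRUCTED-0000-0000-0000-000000000000} : NameServer = 192.0.2.53
BHO-X64: Ad-Aware Security Toolbar - No File
"""

# Assumption: the resolvers the DHCP lease handed out in post #1 are the ones
# this network is supposed to use. A helper would confirm that with the user/ISP.
EXPECTED_DNS = {"68.87.72.134", "68.87.77.134"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "review" or "info"
    rule: str      # short reason
    line: str      # the DDS entry that triggered it


# "<kind>: <body>", e.g. "BHO:", "mRun-x64:", "TCP:" (u/m/d prefix = user/machine/default hive).
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+(?:-[A-Za-z0-9]+)*):\s*(?P<body>.*)$")
# DDS prints both static (NameServer) and DHCP-assigned (DhcpNameServer) resolvers.
NAMESERVER_RE = re.compile(r"(?:Dhcp)?NameServer\s*=\s*(?P<ips>[\d. ]+)$")
# Autostart locations an ordinary install rarely uses; each one deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\[^\\]+\\Desktop)\\", re.I)


def triage(lines, expected_dns):
    """Return the findings for an iterable of DDS 'Pseudo HJT Report' lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # "uInternet Settings,Name = value" has no "kind:" prefix; handle it first.
        if re.match(r"^[umd]Internet Settings,", line):
            name, _, value = line.split(",", 1)[1].partition("=")
            name, value = name.strip(), value.strip()
            if name in ("ProxyServer", "AutoConfigURL"):
                findings.append(Finding("review", f"proxy setting {name}={value}", line))
            else:
                findings.append(Finding("info", f"internet setting {name}={value}", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "TCP":
            ns = NAMESERVER_RE.search(body)
            if ns:
                for ip in ns.group("ips").split():
                    if ip not in expected_dns:
                        findings.append(Finding("review", f"unexpected DNS server {ip}", line))
            continue
        if body.endswith("- No File"):
            findings.append(Finding("info", f"orphaned {kind} registration (no file on disk)", line))
            continue
        if USER_WRITABLE_RE.search(body):
            findings.append(Finding("review", f"{kind} loads from a user-writable location", line))
    return findings


def summarize(findings):
    """Count findings per severity for a quick first look."""
    counts = {"review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines(), EXPECTED_DNS):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
```

On the real log in post #1 the resolvers are the DHCP-assigned ones and no proxy is set, so the redirect is not explained by the network settings DDS shows, which is why the helper moves on to a rootkit scan.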

#2 jimbobw (Topic Starter, Members, 40 posts)

Posted 21 December 2011 - 09:08 PM

A McAfee scan yesterday found c:\windows\system32\services.exe was a Trojan but couldn't clean.

#3 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 21 December 2011 - 09:27 PM

Hello jimbobw,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
ComboFix.txt
Are you able to burn CDs, and do you have a USB flash drive?
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 jimbobw (Topic Starter, Members, 40 posts)

Posted 21 December 2011 - 10:45 PM

Tdsskiller.exe will not run. I renamed it and it still doesn't run.

#5 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 21 December 2011 - 11:06 PM

Go ahead and run ComboFix.


#6 jimbobw (Topic Starter, Members, 40 posts)

Posted 22 December 2011 - 06:47 PM

OK - I started ComboFix before leaving for work this morning. When I left it was on stage 5 or so and everything looked normal. When I got back, I had no desktop icons. I looked in Windows Explorer and everything that should be in the Desktop folder is there. The folder and all items in it don't have the hidden attribute, but I still can't see them.

There is no Combofix.txt (in the desktop folder) as if ComboFix completed correctly. (Is this where it would be?)

I have another computer and can burn CDs.

I have a small capacity USB thumb drive.

I just tried a Google search. The very first one didn't redirect, but now everything else is redirecting. Besides no desktop icons and the redirects, everything is working OK.

I haven't restarted the computer, but I restarted the McAfee on-access scanner.

#7 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 23 December 2011 - 12:17 AM

Can you please run ComboFix again, this time in Safe Mode, and post its log.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.


#8 jimbobw (Topic Starter, Members, 40 posts)

Posted 23 December 2011 - 05:36 AM

I restarted in safe mode and apparently ComboFix was still running (I didn't restart ComboFix). A dialog appeared saying the log was being prepared.
Here is the log:

ComboFix 11-12-22.01 - Hal 12/22/2011 7:31.2.1 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4029.1726 [GMT -6:00]
Running from: c:\users\Hal\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-23 09:58 . 2011-12-23 09:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30BC7593-52FC-4D2C-BB70-8E7C9721B488}\offreg.dll
2011-12-23 08:34 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30BC7593-52FC-4D2C-BB70-8E7C9721B488}\mpengine.dll
2011-12-22 14:08 . 2011-12-23 10:00 -------- d-----w- c:\users\Hal\AppData\Local\temp
2011-12-22 14:08 . 2011-12-22 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-22 06:26 . 2011-12-22 06:28 -------- d-----w- c:\users\Hal\AppData\Local\Spotify
2011-12-22 06:26 . 2011-12-22 06:36 -------- d-----w- c:\users\Hal\AppData\Roaming\Spotify
2011-12-22 00:33 . 2011-12-22 00:33 -------- d-----r- c:\users\Public\Recorded TV
2011-12-21 07:00 . 2011-12-21 23:44 -------- d-----w- c:\users\Hal\AppData\Local\Apple Computer
2011-12-18 13:57 . 2011-12-18 13:58 -------- d-----w- c:\users\Hal\AppData\Local\Adobe
2011-12-18 10:27 . 2011-12-18 10:27 -------- d-----w- c:\program files (x86)\ESET
2011-12-16 21:59 . 2011-12-16 22:15 -------- d-----w- c:\users\Hal\AppData\Local\adaware
2011-12-13 11:55 . 2011-09-01 02:07 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-13 11:55 . 2011-12-13 11:55 -------- d-----w- c:\program files\Common Files\McAfee
2011-12-12 23:15 . 2011-12-12 23:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-11 12:28 . 2011-12-07 22:26 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-07 22:24 . 2011-12-22 00:31 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-12-07 22:24 . 2011-12-07 22:24 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-12-07 22:23 . 2011-12-07 22:24 -------- d-----w- c:\program files (x86)\adawaretb
2011-12-07 22:22 . 2011-12-02 13:49 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-07 22:22 . 2011-12-07 22:22 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-04 11:04 . 2011-09-01 02:07 23864 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-12-04 11:04 . 2011-09-01 02:07 158832 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-04 11:04 . 2011-09-01 02:07 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-02 14:17 . 2011-12-02 14:17 -------- d-----w- c:\windows\Sun
2011-11-23 22:36 . 2011-11-23 22:36 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 19:33 . 2011-07-16 10:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 11:54 . 2010-06-01 11:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-14_00.25.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-11 22:31 . 2011-09-30 23:02 66560 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-13 23:23 . 2011-11-03 06:18 66560 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-13 23:23 . 2011-11-03 04:44 13312 c:\windows\SysWOW64\msfeedssync.exe
- 2011-10-11 22:31 . 2011-09-30 21:29 13312 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-12-13 23:23 . 2011-11-03 06:18 55296 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-10-11 22:31 . 2011-09-30 23:02 55296 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-10-11 22:32 . 2011-09-30 23:06 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-13 23:23 . 2011-11-03 06:22 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-13 23:23 . 2011-11-03 06:17 43520 c:\windows\SysWOW64\licmgr10.dll
- 2011-10-11 22:31 . 2011-09-30 23:02 43520 c:\windows\SysWOW64\licmgr10.dll
- 2011-10-11 22:32 . 2011-09-30 23:01 25600 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-13 23:23 . 2011-11-03 06:17 25600 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-13 23:23 . 2011-11-03 06:17 71680 c:\windows\SysWOW64\iesetup.dll
- 2011-10-11 22:31 . 2011-09-30 23:01 71680 c:\windows\SysWOW64\iesetup.dll
- 2011-10-11 22:31 . 2011-09-30 23:01 55808 c:\windows\SysWOW64\iernonce.dll
+ 2011-12-13 23:23 . 2011-11-03 06:17 55808 c:\windows\SysWOW64\iernonce.dll
- 2008-01-21 03:20 . 2011-12-14 00:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-12-22 00:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-12-14 00:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-18 10:20 . 2011-12-22 00:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-12-22 00:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-12-14 00:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-12-22 00:33 55966 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-12-22 00:33 65434 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-03 01:04 . 2011-12-22 00:33 14264 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1141426410-4169293051-3445987662-1002_UserData.bin
+ 2011-12-13 23:23 . 2011-11-03 06:50 96768 c:\windows\system32\mshtmled.dll
- 2011-10-11 22:31 . 2011-09-30 23:21 96768 c:\windows\system32\mshtmled.dll
- 2011-10-11 22:31 . 2011-09-30 21:47 12288 c:\windows\system32\msfeedssync.exe
+ 2011-12-13 23:23 . 2011-11-03 05:11 12288 c:\windows\system32\msfeedssync.exe
+ 2011-12-13 23:23 . 2011-11-03 06:50 71680 c:\windows\system32\msfeedsbs.dll
- 2011-10-11 22:31 . 2011-09-30 23:21 71680 c:\windows\system32\msfeedsbs.dll
- 2011-10-11 22:31 . 2011-09-30 23:25 93184 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-12-13 23:23 . 2011-11-03 06:55 93184 c:\windows\system32\migration\WininetPlugin.dll
- 2011-10-11 22:31 . 2011-09-30 23:21 56832 c:\windows\system32\licmgr10.dll
+ 2011-12-13 23:23 . 2011-11-03 06:50 56832 c:\windows\system32\licmgr10.dll
- 2011-10-11 22:31 . 2011-09-30 23:21 31744 c:\windows\system32\jsproxy.dll
+ 2011-12-13 23:23 . 2011-11-03 06:50 31744 c:\windows\system32\jsproxy.dll
+ 2011-12-13 23:23 . 2011-11-03 06:49 77312 c:\windows\system32\iesetup.dll
- 2011-10-11 22:31 . 2011-09-30 23:20 77312 c:\windows\system32\iesetup.dll
- 2011-10-11 22:31 . 2011-09-30 23:20 72192 c:\windows\system32\iernonce.dll
+ 2011-12-13 23:23 . 2011-11-03 06:49 72192 c:\windows\system32\iernonce.dll
- 2011-10-11 22:31 . 2011-09-30 21:47 70656 c:\windows\system32\ie4uinit.exe
+ 2011-12-13 23:23 . 2011-11-03 05:11 70656 c:\windows\system32\ie4uinit.exe
+ 2011-12-13 23:23 . 2011-10-25 16:09 85504 c:\windows\system32\csrsrv.dll
- 2011-07-13 19:36 . 2011-04-20 15:58 85504 c:\windows\system32\csrsrv.dll
- 2009-03-18 03:28 . 2011-12-14 00:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-18 03:28 . 2011-12-22 23:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-18 03:28 . 2011-12-14 00:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-18 03:28 . 2011-12-22 23:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-18 03:28 . 2011-12-14 00:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-18 03:28 . 2011-12-22 23:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-04 10:20 . 2011-12-14 00:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-04 10:20 . 2011-12-22 00:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-12 17:58 . 2011-12-22 05:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-12 17:58 . 2011-12-13 23:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-12 17:58 . 2011-12-22 05:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-08-12 17:58 . 2011-12-13 23:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-08-12 17:58 . 2011-12-13 23:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-08-12 17:58 . 2011-12-22 05:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2009-06-04 10:20 . 2011-12-22 05:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-04 10:20 . 2011-12-14 00:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-04 10:20 . 2011-12-14 00:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-04 10:20 . 2011-12-22 00:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 09:28 . 2011-12-07 22:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 09:28 . 2011-12-22 00:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 09:28 . 2011-12-07 22:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 09:28 . 2011-12-22 00:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-25 23:53 . 2011-12-16 21:31 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-25 23:53 . 2011-12-16 21:31 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-25 23:53 . 2011-12-16 21:31 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-02 18:02 . 2009-04-02 18:02 14720 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\SMARTTAGINSTALL.EXE
+ 2009-03-06 11:04 . 2009-03-06 11:04 33152 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\SETLANG.EXE
+ 2009-03-06 10:04 . 2009-03-06 10:04 39464 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\REFIEBAR.DLL
+ 2008-11-04 09:29 . 2008-11-04 09:29 39248 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\REFEDIT.DLL
+ 2009-04-02 18:02 . 2009-04-02 18:02 45968 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OSETUPPS.DLL
+ 2009-04-02 18:02 . 2009-04-02 18:02 15760 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OMUOPTINPS.DLL
+ 2009-03-06 10:23 . 2009-03-06 10:23 22432 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OISCTRL.DLL
+ 2008-11-04 08:02 . 2008-11-04 08:02 54744 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OFFRHD.DLL
+ 2009-03-06 10:04 . 2009-03-06 10:04 64872 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\NAME.DLL
+ 2009-04-02 18:01 . 2009-04-02 18:01 42864 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSSH.DLL
+ 2009-04-04 00:46 . 2009-04-04 00:46 34200 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSOSTYLE.DLL
+ 2008-11-04 09:49 . 2008-11-04 09:49 66424 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSOMSE.DLL
+ 2008-11-10 16:50 . 2008-11-10 16:50 68472 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSOHTMED.EXE
+ 2008-11-10 16:50 . 2008-11-10 16:50 76664 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSOHEV.DLL
+ 2008-11-10 17:38 . 2008-11-10 17:38 27000 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSOEURO.DLL
+ 2008-11-04 05:39 . 2008-11-04 05:39 14728 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSOCFU.DLL
+ 2009-04-02 18:01 . 2009-04-02 18:01 18816 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSMH.DLL
+ 2009-03-06 11:10 . 2009-03-06 11:10 47472 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSE7.EXE
+ 2008-10-26 12:26 . 2008-10-26 12:26 66944 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSAEXP30.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 89464 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\METCONV.DLL
+ 2009-03-06 10:26 . 2009-03-06 10:26 65400 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\INLAUNCH.DLL
+ 2009-04-02 18:01 . 2009-04-02 18:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\EXP_XPS.DLL
+ 2009-04-04 00:46 . 2009-04-04 00:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\EXP_PDF.DLL
+ 2008-10-26 11:42 . 2008-10-26 11:42 65376 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\COLLIMP.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 54152 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\AUTHZAX.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 55152 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACERCLR.DLL
+ 2008-10-25 11:31 . 2008-10-25 11:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEODTXT.DLL
+ 2008-10-25 11:31 . 2008-10-25 11:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEODPDX.DLL
+ 2008-10-25 11:31 . 2008-10-25 11:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEODEXL.DLL
+ 2008-10-25 11:31 . 2008-10-25 11:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEODDBS.DLL
+ 2009-03-06 08:47 . 2009-03-06 08:47 47008 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEERR.DLL
+ 2008-11-21 08:02 . 2008-11-21 08:02 94592 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACCOLK.DLL
+ 2011-12-23 01:06 . 2009-10-06 11:40 5644 c:\windows\temp\TestEngDat64\config.dat
- 2011-08-23 20:28 . 2011-07-11 13:25 2048 c:\windows\SysWOW64\tzres.dll
+ 2011-12-13 23:23 . 2011-11-08 14:42 2048 c:\windows\SysWOW64\tzres.dll
- 2011-08-23 20:28 . 2011-07-11 13:45 2048 c:\windows\system32\tzres.dll
+ 2011-12-13 23:23 . 2011-11-08 14:58 2048 c:\windows\system32\tzres.dll
- 2011-12-14 00:21 . 2011-12-14 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-23 09:58 . 2011-12-23 09:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-23 09:58 . 2011-12-23 09:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-14 00:21 . 2011-12-14 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-13 23:23 . 2011-11-03 06:22 916992 c:\windows\SysWOW64\wininet.dll
+ 2011-12-13 23:23 . 2011-11-03 06:21 105984 c:\windows\SysWOW64\url.dll
- 2011-10-11 22:32 . 2011-09-30 23:06 105984 c:\windows\SysWOW64\url.dll
- 2011-10-11 22:31 . 2011-09-30 23:04 206848 c:\windows\SysWOW64\occache.dll
+ 2011-12-13 23:23 . 2011-11-03 06:20 206848 c:\windows\SysWOW64\occache.dll
- 2011-10-11 22:31 . 2011-09-30 23:03 611840 c:\windows\SysWOW64\mstime.dll
+ 2011-12-13 23:23 . 2011-11-03 06:18 611840 c:\windows\SysWOW64\mstime.dll
+ 2011-12-13 23:23 . 2011-11-03 06:18 602112 c:\windows\SysWOW64\msfeeds.dll
- 2011-10-11 22:31 . 2011-09-30 23:02 602112 c:\windows\SysWOW64\msfeeds.dll
+ 2011-11-23 22:36 . 2011-12-17 19:33 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
- 2011-11-23 22:36 . 2011-12-08 12:10 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
- 2011-12-04 17:02 . 2011-12-04 17:01 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-12-17 11:31 . 2011-11-10 11:54 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-12-17 11:31 . 2011-11-10 11:54 149280 c:\windows\SysWOW64\javaw.exe
+ 2011-12-17 11:31 . 2011-11-10 11:54 149280 c:\windows\SysWOW64\java.exe
+ 2011-12-13 23:23 . 2011-11-03 04:45 133632 c:\windows\SysWOW64\ieUnatt.exe
- 2011-10-11 22:31 . 2011-09-30 21:29 133632 c:\windows\SysWOW64\ieUnatt.exe
- 2011-10-11 22:31 . 2011-09-30 23:01 164352 c:\windows\SysWOW64\ieui.dll
+ 2011-12-13 23:23 . 2011-11-03 06:17 164352 c:\windows\SysWOW64\ieui.dll
- 2011-10-11 22:31 . 2011-09-30 23:01 109056 c:\windows\SysWOW64\iesysprep.dll
+ 2011-12-13 23:23 . 2011-11-03 06:17 109056 c:\windows\SysWOW64\iesysprep.dll
+ 2011-12-13 23:23 . 2011-11-03 06:17 184320 c:\windows\SysWOW64\iepeers.dll
- 2011-10-11 22:31 . 2011-09-30 23:01 184320 c:\windows\SysWOW64\iepeers.dll
+ 2011-12-13 23:23 . 2011-11-03 06:17 387584 c:\windows\SysWOW64\iedkcs32.dll
- 2011-10-11 22:31 . 2011-09-30 23:01 387584 c:\windows\SysWOW64\iedkcs32.dll
- 2011-10-11 22:31 . 2011-09-30 21:29 174080 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-12-13 23:23 . 2011-11-03 04:45 174080 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-12-13 23:23 . 2011-10-14 16:02 429056 c:\windows\SysWOW64\EncDec.dll
- 2011-03-08 23:27 . 2010-12-29 18:28 429056 c:\windows\SysWOW64\EncDec.dll
+ 2010-03-26 09:43 . 2011-12-22 23:12 325372 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-10-11 22:31 . 2011-09-30 23:25 108032 c:\windows\system32\url.dll
+ 2011-12-13 23:23 . 2011-11-03 06:54 108032 c:\windows\system32\url.dll
+ 2006-11-02 12:46 . 2011-12-22 00:38 607168 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-12-12 11:49 607168 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-12-12 11:49 104808 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-12-22 00:38 104808 c:\windows\system32\perfc009.dat
- 2011-10-11 22:31 . 2011-09-30 23:23 243712 c:\windows\system32\occache.dll
+ 2011-12-13 23:23 . 2011-11-03 06:53 243712 c:\windows\system32\occache.dll
+ 2011-12-13 23:23 . 2011-11-03 06:50 710656 c:\windows\system32\msfeeds.dll
- 2011-10-11 22:31 . 2011-09-30 23:21 710656 c:\windows\system32\msfeeds.dll
- 2011-10-11 22:31 . 2011-09-30 21:48 162816 c:\windows\system32\ieUnatt.exe
+ 2011-12-13 23:23 . 2011-11-03 05:11 162816 c:\windows\system32\ieUnatt.exe
+ 2011-12-13 23:23 . 2011-11-03 06:49 219136 c:\windows\system32\ieui.dll
- 2011-10-11 22:31 . 2011-09-30 23:20 219136 c:\windows\system32\ieui.dll
+ 2011-12-13 23:23 . 2011-11-03 06:49 132096 c:\windows\system32\iesysprep.dll
- 2011-10-11 22:31 . 2011-09-30 23:20 132096 c:\windows\system32\iesysprep.dll
- 2011-10-11 22:31 . 2011-09-30 23:20 252416 c:\windows\system32\iepeers.dll
+ 2011-12-13 23:23 . 2011-11-03 06:49 252416 c:\windows\system32\iepeers.dll
- 2011-10-11 22:31 . 2011-09-30 23:20 459776 c:\windows\system32\iedkcs32.dll
+ 2011-12-13 23:23 . 2011-11-03 06:49 459776 c:\windows\system32\iedkcs32.dll
- 2011-03-08 23:27 . 2010-12-29 19:01 559616 c:\windows\system32\EncDec.dll
+ 2011-12-13 23:23 . 2011-10-14 17:30 559616 c:\windows\system32\EncDec.dll
+ 2011-09-11 18:37 . 2011-12-23 09:56 450428 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
- 2011-09-11 18:37 . 2011-12-10 02:28 450428 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
- 2011-02-26 09:21 . 2011-12-14 00:18 433820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-26 09:21 . 2011-12-23 09:56 433820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-07 22:28 . 2011-12-18 10:14 868132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1141426410-4169293051-3445987662-1002-12288.dat
+ 2011-12-16 21:41 . 2011-12-16 21:41 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-11-01 09:05 . 2009-11-01 09:05 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-03-25 23:53 . 2011-12-16 21:31 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-25 23:53 . 2011-12-16 21:31 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-25 23:53 . 2011-12-16 21:31 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-25 23:53 . 2011-12-16 21:31 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-25 23:53 . 2011-12-16 21:31 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-25 23:53 . 2011-12-16 21:31 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-04-03 23:57 . 2009-04-03 23:57 509256 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\WRD12CVR.DLL
+ 2009-04-02 19:06 . 2009-04-02 19:06 439160 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\SETUP.EXE
+ 2008-10-25 12:19 . 2008-10-25 12:19 503688 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\SELFCERT.EXE
+ 2009-04-02 20:35 . 2009-04-02 20:35 368520 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\PPSLAX.DLL
+ 2008-10-26 11:42 . 2008-10-26 11:42 482656 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\PORTCONN.DLL
+ 2008-11-04 07:24 . 2008-11-04 07:24 285576 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OISGRAPH.DLL
+ 2008-11-04 07:24 . 2008-11-04 07:24 998784 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OISAPP.DLL
+ 2008-11-04 07:24 . 2008-11-04 07:24 274808 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OIS.EXE
+ 2008-03-19 12:27 . 2008-03-19 12:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OGALEGIT.DLL
+ 2009-04-02 19:06 . 2009-04-02 19:06 231848 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ODEPLOY.EXE
+ 2009-03-06 11:16 . 2009-03-06 11:16 538968 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSTORES.DLL
+ 2009-03-06 11:16 . 2009-03-06 11:16 144728 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSTORE.EXE
+ 2009-03-06 11:16 . 2009-03-06 11:16 832344 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSTORDB.EXE
+ 2008-10-25 04:21 . 2008-10-25 04:21 505192 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSSOAP30.DLL
+ 2009-03-06 11:05 . 2009-03-06 11:05 671072 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSQRY32.EXE
+ 2008-11-21 05:42 . 2008-11-21 05:42 732504 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSPROOF6.DLL
+ 2008-10-25 04:50 . 2008-10-25 04:50 436584 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSORUN.DLL
+ 2009-03-06 10:04 . 2009-03-06 10:04 427848 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSODCW.DLL
+ 2009-03-06 09:31 . 2009-03-06 09:31 160616 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSOCF.DLL
+ 2008-10-25 19:39 . 2008-10-25 19:39 290632 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSCDM.DLL
+ 2008-11-04 09:49 . 2008-11-04 09:49 460680 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MODHELP.DLL
+ 2008-11-04 09:49 . 2008-11-04 09:49 829280 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MEDCAT.DLL
+ 2009-04-02 18:01 . 2009-04-02 18:01 177520 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\IETAG.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\IEAWSDC.DLL
+ 2008-11-25 04:17 . 2008-11-25 04:17 983944 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\FPWEC.DLL
+ 2008-11-04 07:44 . 2008-11-04 07:44 435096 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\DWTRIG20.EXE
+ 2009-03-06 10:04 . 2009-03-06 10:04 105856 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\DSSM.EXE
+ 2008-11-21 06:02 . 2008-11-21 06:02 189816 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\CONTACTPICKER.DLL
+ 2008-11-04 09:47 . 2008-11-04 09:47 205680 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\CLVIEW.EXE
+ 2008-11-04 10:21 . 2008-11-04 10:21 400208 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\CDLMSO.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 370608 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEXBE.DLL
+ 2008-11-04 10:06 . 2008-11-04 10:06 208816 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEWSS.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 223152 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACETXT.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 550840 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEREP.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 288688 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACER3X.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 255920 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACER2X.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 391096 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEPDE.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 387000 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEOLEDB.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 278912 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEODBC.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 206776 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACELTS.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 628656 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEEXCL.DLL
+ 2009-03-06 08:48 . 2009-03-06 08:48 337832 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEEXCH.DLL
+ 2009-03-06 08:47 . 2009-03-06 08:47 190400 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEES.DLL
+ 2009-03-06 08:47 . 2009-03-06 08:47 575416 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACEDAO.DLL
+ 2009-03-06 08:47 . 2009-03-06 08:47 575416 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACACEDAO.DLL
+ 2011-12-14 09:13 . 2011-12-14 09:13 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2011-12-23 01:06 . 2009-10-06 11:40 4706936 c:\windows\temp\TestEngDat64\Mscan64a.dll
- 2011-10-11 22:32 . 2011-09-30 23:06 1212416 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-13 23:23 . 2011-11-03 06:21 1212416 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-13 23:23 . 2011-11-03 06:18 5978112 c:\windows\SysWOW64\mshtml.dll
+ 2009-02-03 02:15 . 2011-12-17 19:33 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
- 2009-02-03 02:15 . 2011-12-08 12:10 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
- 2011-10-11 22:32 . 2011-09-30 23:01 2000384 c:\windows\SysWOW64\iertutil.dll
+ 2011-12-13 23:23 . 2011-11-03 06:17 2000384 c:\windows\SysWOW64\iertutil.dll
+ 2011-12-13 23:23 . 2011-11-03 06:55 1147392 c:\windows\system32\wininet.dll
+ 2011-12-13 23:23 . 2011-11-23 13:57 2764800 c:\windows\system32\win32k.sys
- 2011-10-11 22:31 . 2011-09-30 23:25 1488384 c:\windows\system32\urlmon.dll
+ 2011-12-13 23:23 . 2011-11-03 06:55 1488384 c:\windows\system32\urlmon.dll
+ 2011-12-13 23:23 . 2011-11-03 06:51 1062912 c:\windows\system32\mstime.dll
- 2011-10-11 22:31 . 2011-09-30 23:22 1062912 c:\windows\system32\mstime.dll
+ 2011-12-13 23:23 . 2011-11-03 06:50 9292288 c:\windows\system32\mshtml.dll
- 2011-10-11 22:31 . 2011-09-30 23:20 2350592 c:\windows\system32\iertutil.dll
+ 2011-12-13 23:23 . 2011-11-03 06:49 2350592 c:\windows\system32\iertutil.dll
+ 2006-11-02 15:21 . 2011-12-16 21:59 2300152 c:\windows\system32\FNTCACHE.DAT
+ 2011-09-11 19:17 . 2011-12-23 09:56 1636860 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-1141426410-4169293051-3445987662-1002-8192.dat
+ 2011-11-23 22:27 . 2011-12-23 09:56 1301676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1141426410-4169293051-3445987662-1002-8192.dat
+ 2011-11-01 19:34 . 2011-11-01 19:34 4250112 c:\windows\Installer\1689e54.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 2247168 c:\windows\Installer\1689e3d.msp
+ 2011-11-11 22:14 . 2011-11-11 22:14 9096192 c:\windows\Installer\1689e28.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 4225536 c:\windows\Installer\1689e13.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 2531840 c:\windows\Installer\1689df9.msp
+ 2011-11-11 22:15 . 2011-11-11 22:15 1795584 c:\windows\Installer\1689de4.msp
+ 2011-11-11 22:16 . 2011-11-11 22:16 8458240 c:\windows\Installer\1689dcf.msp
+ 2009-03-25 23:53 . 2011-12-16 21:31 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-03-25 23:53 . 2011-10-12 08:02 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-25 23:53 . 2011-12-16 21:31 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-06 09:01 . 2009-03-06 09:01 2335648 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\STSLIST.DLL
+ 2009-04-02 19:07 . 2009-04-02 19:07 6540120 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OSETUP.DLL
+ 2009-03-06 10:55 . 2009-03-06 10:55 7036800 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\OFFOWC.DLL
+ 2008-10-25 05:45 . 2008-10-25 05:45 1518504 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\NLSD0000.DLL
+ 2009-04-02 18:01 . 2009-04-02 18:01 6637936 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSORES.DLL
+ 2009-04-03 03:44 . 2009-04-03 03:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2008-10-25 09:38 . 2008-10-25 09:38 1682800 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\FPSRVUTL.DLL
+ 2009-03-06 08:47 . 2009-03-06 08:47 1759136 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\ACECORE.DLL
+ 2011-12-13 23:23 . 2011-11-03 06:17 11081728 c:\windows\SysWOW64\ieframe.dll
- 2011-10-11 22:31 . 2011-09-30 23:01 11081728 c:\windows\SysWOW64\ieframe.dll
+ 2006-11-02 12:33 . 2011-12-17 18:07 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-12-14 00:19 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:35 . 2011-12-14 09:10 54867776 c:\windows\system32\mrt.exe
+ 2011-12-13 23:23 . 2011-11-03 06:49 12476928 c:\windows\system32\ieframe.dll
- 2011-10-11 22:32 . 2011-09-30 23:20 12476928 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-11-29 19:15 86696 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Hal\AppData\Roaming\Spotify\Spotify.exe" [2011-12-22 4010160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-01 124224]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\users\Hal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-12-4 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-14 222528]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-08-06 239648]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
R2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
R2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-07 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-07 17152]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 27648]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2011-09-01 20792]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 00:28]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 00:28]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1141426410-4169293051-3445987662-1002Core.job
- c:\users\Hal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-14 01:13]
.
2011-12-23 c:\windows\Tasks\User_Feed_Synchronization-{FA202799-6BBA-40B2-8170-44188DAF2A53}.job
- c:\windows\system32\msfeedssync.exe [2011-12-13 04:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Hal\AppData\Roaming\Mozilla\Firefox\Profiles\ujq2tf57.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&rlz=1V2IPYX&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-12-23 04:19:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-23 10:19
ComboFix2.txt 2011-12-14 00:48
.
Pre-Run: 601,725,521,920 bytes free
Post-Run: 610,371,264,512 bytes free
.
- - End Of File - - B55A66D02761CE777544CCB4238C54DB

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:44 PM

Posted 23 December 2011 - 11:04 AM

Hello,

Still redirecting? If so do the following.


1.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

3.
Is your computer connected to the internet through a router? If so we need to reset that router.
How to reset your router.



Things to include in your next reply:
MbrCheck log
aswMBR log
Is your computer still redirecting ?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 jimbobw

jimbobw
  • Topic Starter

  • Members
  • 40 posts
  • Local time:12:44 PM

Posted 23 December 2011 - 01:09 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell DM061
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 140):
0x02212000 \SystemRoot\system32\ntoskrnl.exe
0x0272A000 \SystemRoot\system32\hal.dll
0x00604000 \SystemRoot\system32\kdcom.dll
0x00607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00642000 \SystemRoot\system32\PSHED.dll
0x00656000 \SystemRoot\system32\CLFS.SYS
0x006B3000 \SystemRoot\system32\CI.dll
0x00803000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008A7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008B6000 \SystemRoot\system32\drivers\acpi.sys
0x0090C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00915000 \SystemRoot\system32\drivers\msisadrv.sys
0x0091F000 \SystemRoot\system32\drivers\pci.sys
0x0094F000 \SystemRoot\System32\drivers\partmgr.sys
0x00964000 \SystemRoot\system32\drivers\volmgr.sys
0x00978000 \SystemRoot\System32\drivers\volmgrx.sys
0x009DE000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A0F000 \SystemRoot\system32\drivers\iastorv.sys
0x00AD6000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B1D000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B31000 \SystemRoot\system32\drivers\mfehidk.sys
0x00BCC000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x00765000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C01000 \SystemRoot\system32\drivers\ndis.sys
0x00E0C000 \SystemRoot\system32\drivers\msrpc.sys
0x00E5C000 \SystemRoot\system32\drivers\NETIO.SYS
0x01005000 \SystemRoot\System32\drivers\tcpip.sys
0x0117A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x00EB5000 \SystemRoot\system32\DRIVERS\timntr.sys
0x0120A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138A000 \SystemRoot\system32\drivers\volsnap.sys
0x013CE000 \SystemRoot\System32\Drivers\spldr.sys
0x011A6000 \SystemRoot\system32\DRIVERS\snapman.sys
0x013D6000 \SystemRoot\System32\Drivers\mup.sys
0x00FA2000 \SystemRoot\System32\drivers\ecache.sys
0x013E8000 \SystemRoot\system32\drivers\disk.sys
0x00FCE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x022C8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x022D5000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x022DE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02407000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02ED7000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x02ED9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02FBC000 \SystemRoot\System32\drivers\watchdog.sys
0x022F1000 \SystemRoot\system32\DRIVERS\e1e6032e.sys
0x02FCC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02344000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02FD8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03004000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x030F1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0310D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0311A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03153000 \SystemRoot\system32\DRIVERS\storport.sys
0x031B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x031BD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x031E0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0238A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x031EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x023BB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x023D9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02FE9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x023F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x00E00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x031FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x00DC4000 \SystemRoot\system32\DRIVERS\ks.sys
0x00BE1000 \SystemRoot\system32\DRIVERS\circlass.sys
0x00BF2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x007EC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03206000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0324E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03262000 \SystemRoot\system32\drivers\HdAudio.sys
0x032AB000 \SystemRoot\system32\drivers\portcls.sys
0x032E6000 \SystemRoot\system32\drivers\drmk.sys
0x03309000 \SystemRoot\system32\drivers\ksthunk.sys
0x0330F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03319000 \SystemRoot\System32\Drivers\Null.SYS
0x0332D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03335000 \SystemRoot\System32\drivers\vga.sys
0x03343000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03368000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03371000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0337A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03385000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03396000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0339F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x033BC000 \SystemRoot\system32\drivers\mfewfpk.sys
0x03A09000 \SystemRoot\system32\DRIVERS\smb.sys
0x03A24000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A68000 \SystemRoot\system32\drivers\afd.sys
0x03AD3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03AF1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B1B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03B68000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03B74000 \SystemRoot\System32\Drivers\dfsc.sys
0x03BAC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03BC4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03BE0000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x03BF0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x03C0D000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x03C1D000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x03C45000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x03C5D000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x03C67000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03C75000 \SystemRoot\System32\Drivers\dump_iaStorV.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x03D3C000 \SystemRoot\System32\drivers\Dxapi.sys
0x03D48000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00410000 \SystemRoot\System32\TSDDD.dll
0x006C0000 \SystemRoot\System32\cdd.dll
0x00850000 \SystemRoot\System32\ATMFD.DLL
0x03D5B000 \SystemRoot\system32\drivers\luafv.sys
0x03D7D000 \SystemRoot\system32\drivers\WudfPf.sys
0x03D9E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03DB2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02200000 \SystemRoot\system32\drivers\HTTP.sys
0x03DCA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x022A3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x09003000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0901D000 \SystemRoot\system32\drivers\mrxdav.sys
0x09044000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0906D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x090B6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x090D5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09107000 \SystemRoot\System32\DRIVERS\srv.sys
0x09209000 \SystemRoot\system32\drivers\spsys.sys
0x092A3000 \SystemRoot\system32\drivers\peauth.sys
0x09359000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09364000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09374000 \SystemRoot\System32\Drivers\fastfat.SYS
0x093A9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0919A000 \SystemRoot\system32\drivers\mfeavfk.sys
0x091D0000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x09200000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x093DA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x093EC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07008000 \SystemRoot\system32\drivers\mfeapfk.sys
0x0702D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x774A0000 \Windows\System32\ntdll.dll

Processes (total 69):
0 System Idle Process
4 System
548 C:\Windows\System32\smss.exe
660 csrss.exe
708 C:\Windows\System32\wininit.exe
716 csrss.exe
760 C:\Windows\System32\services.exe
792 C:\Windows\System32\lsass.exe
800 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\winlogon.exe
984 C:\Windows\System32\svchost.exe
292 C:\Windows\System32\nvvsvc.exe
424 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\svchost.exe
620 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\audiodg.exe
1124 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\SLsvc.exe
1188 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\nvvsvc.exe
1332 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\svchost.exe
1984 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1996 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2036 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1132 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1344 C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
1804 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
700 C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
1176 C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
1956 C:\Windows\System32\mfevtps.exe
1664 C:\Windows\System32\svchost.exe
2096 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2136 C:\Windows\System32\svchost.exe
2184 C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
2192 naPrdMgr.exe
2280 C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
2448 C:\Windows\System32\svchost.exe
2468 C:\Windows\System32\SearchIndexer.exe
2500 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
2620 mfeann.exe
2992 WUDFHost.exe
2084 C:\Windows\System32\dwm.exe
1596 C:\Windows\explorer.exe
2924 C:\Windows\System32\taskeng.exe
1148 C:\Windows\System32\taskeng.exe
2764 C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
1104 C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
3364 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
3052 C:\Windows\System32\wbem\unsecapp.exe
2372 WmiPrvSE.exe
600 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4012 C:\Windows\System32\svchost.exe
3584 C:\Windows\ehome\ehsched.exe
3340 C:\Windows\ehome\ehrecvr.exe
4408 C:\Program Files\Windows Media Player\wmpnetwk.exe
4660 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2108 C:\Windows\System32\igfxsrvc.exe
4260 taskeng.exe
4992 C:\Windows\System32\mobsync.exe
2784 C:\Users\Public\Games\World of Warcraft\Wow.exe
2840 C:\Windows\System32\SearchProtocolHost.exe
4040 C:\Windows\System32\SearchFilterHost.exe
4804 dllhost.exe
3404 dllhost.exe
4276 C:\Users\Hal\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0bc43000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1001FALS-00Y6A0, Rev: 05.01D05

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:44 PM

Posted 23 December 2011 - 01:14 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.


MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

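The dd command in post #11 copies the raw first sector of the disk (512 bytes of boot code, partition table and the 0x55AA signature) into a file; despite the .zip name it is not an archive. The MBRCheck log in post #10 reports on exactly that sector ("MBR Code Faked!" plus a SHA1). The following Python script is an added example, not part of this thread, MBRCheck or xPUD: it parses such a sector dump, hashes the boot-code region the way MBRCheck reports it, and flags it when the hash is not in a trusted set or the partition table is malformed. The sample MBRs and the "trusted" reference hash are constructed inside the script; in real use the trusted set would hold the hash of the MBR written by your own OS install media.

```python
"""Parse a raw 512-byte MBR dump and flag deviations from a trusted reference.

Added example, not code from the BleepingComputer thread, MBRCheck or xPUD.
Input is the raw sector written by `dd if=/dev/sda of=... bs=512 count=1`.
All sample sectors below are constructed for illustration.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0-445: boot loader code
PARTITION_TABLE_OFF = 446     # bytes 446-509: four 16-byte partition entries
PARTITION_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510-511


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian fields)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {"status": status, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> dict:
    """Split a sector into boot-code hash, non-empty partitions and signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    entries = [
        parse_partition_entry(sector[off:off + PARTITION_ENTRY_LEN])
        for off in range(PARTITION_TABLE_OFF,
                         PARTITION_TABLE_OFF + 4 * PARTITION_ENTRY_LEN,
                         PARTITION_ENTRY_LEN)
    ]
    return {
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "partitions": [e for e in entries if e["type"] != 0],  # type 0 = empty slot
        "signature_ok": sector[SECTOR_SIZE - 2:] == MBR_SIGNATURE,
    }


def check_mbr(sector: bytes, trusted_sha1s: set) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha1"] not in trusted_sha1s:
        findings.append(f"boot code SHA1 {info['boot_code_sha1']} not in trusted set")
    for i, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):   # only 'inactive' and 'active' are valid
            findings.append(f"partition {i}: invalid status byte 0x{p['status']:02x}")
        if p["sectors"] == 0:
            findings.append(f"partition {i}: zero-length partition")
    if sum(p["status"] == 0x80 for p in info["partitions"]) > 1:
        findings.append("more than one partition marked active")
    return findings


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR from boot code and (status, type, lba, count) tuples."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba, n)
        for status, ptype, lba, n in partitions)
    table = table.ljust(4 * PARTITION_ENTRY_LEN, b"\x00")
    return code + table + MBR_SIGNATURE


# Constructed samples: a "known good" sector and a copy whose boot code was altered.
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1_000_000)]
REFERENCE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"REFERENCE-LOADER", SAMPLE_PARTITIONS)
TAMPERED_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"PATCHED-LOADER", SAMPLE_PARTITIONS)
TRUSTED_SHA1S = {parse_mbr(REFERENCE_MBR)["boot_code_sha1"]}  # constructed reference


def check_file(path: str, trusted_sha1s=TRUSTED_SHA1S) -> list:
    """Check a sector dumped with dd (e.g. the MBRbackup.zip from this thread)."""
    with open(path, "rb") as fh:
        return check_mbr(fh.read(SECTOR_SIZE), trusted_sha1s)


if __name__ == "__main__":
    print("reference:", check_mbr(REFERENCE_MBR, TRUSTED_SHA1S) or "clean")
    print("tampered: ", check_mbr(TAMPERED_MBR, TRUSTED_SHA1S))
```

Run it as `python mbrcheck_example.py` to see the constructed tampered sector flagged, or call `check_file("MBRbackup.zip", {"<sha1 of your known-good MBR>"})` against a real dump. The hash comparison is only as good as the trusted set: a hash that is absent from the set means "unknown", which is the same verdict MBRCheck gives as "non-standard or infected", and a clean reference has to come from install media or a known-clean machine of the same OS version.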


#12 jimbobw

jimbobw
  • Topic Starter

  • Members
  • 40 posts
  • Local time:12:44 PM

Posted 23 December 2011 - 01:16 PM

aswMBR does not run.
Should I do the router reset?
Still redirecting.

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:44 PM

Posted 23 December 2011 - 01:19 PM

Hello,


I think our posts got crossed. No need to run aswMBR, as I saw what I needed to in your MBRCheck log. Please follow the directions in post #11.



#14 jimbobw

jimbobw
  • Topic Starter

  • Members
  • 40 posts
  • Local time:12:44 PM

Posted 23 December 2011 - 02:23 PM

In /mnt I now have sda1 sda2 sda3 sda4 and MBRbackup.zip

I have no sdb1

so where is MBRbackup.zip?

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:44 PM

Posted 23 December 2011 - 03:05 PM

In /mnt I now have sda1 sda2 sda3 sda4 and MBRbackup.zip

I have no sdb1

so where is MBRbackup.zip?



That is your MBRbackup.zip. That is what I'm looking for.


